Password And Confidentiality Of Information
The purpose of this policy is to provide guidelines for password creation and security. Faculty, staff and administrators are expected to strictly adhere to this policy. It is also intended to educate the community on the best practices for password creation and protection.
Employees are expected to protect their passwords and electronic information as they are expected to protect their keys and paper files. Password management and protecting confidentiality are required by board policy. The Employee Use of Technology Policy states "Employees shall make every effort possible to safeguard confidential information and protect against negligent disclosure" and "employees shall safeguard passwords and shall be held responsible for any intentional or negligent disclosure of passwords. Access to confidential data shall not be left open without proper supervision."
A helpful tip: Guard computer screens and electronic information as if it had your personal credit card number prominently displayed. Also, employees are expected to keep passwords confidential, even with other employees. No one but you should know your password.
Molloy Policy enforces a password change every 180 days. It is in your best interest to change it more frequently. Once a password has been compromised, users most likely will never know about it. The person with the compromised password can use it at-will to access the accounts without the account owner ever realizing it.
Changing passwords occasionally prevents "stealthy" unauthorized users from having long-term access to your account. Reusing old passwords opens the door for that person to get back in.
Dos and don'ts for choosing a password
- Do: Memorize your password or keep it in a place you know is safe, such as a billfold.
- Don't: Write your password down on any paper near your computer, e.g. in desk drawers, under the keyboard, in binders/notepads, and especially a post-it note on the monitor.
- Do: Use a memorable phrase and take the first letter of each word to create your password, e.g. "A penny saved is a penny earned" would become the password "apsiape."
- Don't: Use words found in the dictionary. Password crack programs use whole dictionaries to crack passwords. Also, don't use dictionary words with some letters changed to numbers, e.g. L changed to one, or O changed to zero. Password crack programs can easily crack these passwords.