I. Purpose
The purpose of the Password Policy is to uniquely identify and authenticate Bradley University users.
Policy Supported
- National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53
- National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63
- National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
II. Description
Each user of systems holding or using electronic personal or private information shall have a unique user name (i.e. BUnetID, account name, login, logon, user-id, and username) to enable the identification and tracking of user access. Users must not share their passwords with others. Group logins shall not be used.
The addition, deletion, and modification of BUnetIDs, credentials, and other identifier objects shall be controlled.
Password Management
User identity shall be verified before performing password resets. The Account Validation Procedure (6.02.01) describes how user identity will be verified.
Passwords must be changed periodically to comply with security best practices, regulatory requirements, and audit requirements. The Password Complexity and Change Frequency procedure (6.01.01) describes this requirement.
Passwords must not be stored in plain text. Passwords should not be written down and should not be shared with other individuals.
Account Lockout
Repeated, unsuccessful logon attempts will lock the BUnetID automatically.
III. Scope
This policy applies to all Bradley University computer and network users.
Exceptions require CISO approval.
| Date Approved | |||
|---|---|---|---|
| 6/6/2012 |
| Dates Revised | |||
|---|---|---|---|
| 4/23/2026 |
| Dates Reviewed | |||
|---|---|---|---|
| 4/23/2026 |