Information Resources and Technology Policy

Section Policy Name Policy Number
Access Control Password Policy 6.01

Policy Purpose

The purpose of the Password policy is to require the implementation of technical procedures to ensure that passwords used at Bradley University are as secure as possible.

Policy Description

Each user of systems holding or using electronic personal or private information shall have a unique user name (a.k.a. BUnetID, login, user-id, and account name) to enable the identification and tracking of user access.  Users must not share their passwords with others. Group logins shall not be used.

The addition, deletion, and modification of BUnetIDs, credentials, and other identifier objects shall be controlled. 

Password Management 

User identity shall be verified before performing password resets. The Account Validation Procedure (6.02.01) describes how user identity will be verified. 

Passwords must be changed at an appropriate frequency to comply with audit requirements, regulatory requirements, and security best practices. The Password Complexity and Change Frequency procedure (6.01.01) describes this requirement.

Passwords must be sufficiently complex to ensure security. The Password Complexity and Change Frequency procedure (6.01.01) describes this requirement.

Passwords must not be stored in plain text. Passwords should not be written down and should not be shared with other individuals.

Account Lockout 

Repeated access attempts will lock out the user ID. The definition of ‘repeated access attempts’ will vary depending on the time between attempts and other adverse activity on the net.

Policy Scope

This policy applies to all Bradley University computer and network users.

Exceptions require CIO approval.

Policy Definitions

Date Approved Revision 1 Date Revision 2 Date Revision 3 Date Revision 4 Date Revision 5 Date