6.01 Password Policy
The purpose of the Password policy is to require the implementation of technical procedures to ensure that passwords used at Bradley University are as secure as possible.
Each user of systems holding or using electronic personal or private information shall have a unique user name (a.k.a. BUnetID, login, user-id, and account name) to enable the identification and tracking of user access. Users must not share their passwords with others. Group logins shall not be used.
The addition, deletion, and modification of BUnetIDs, credentials, and other identifier objects shall be controlled.
User identity shall be verified before performing password resets. The Account Validation Procedure (6.02.01) describes how user identity will be verified.
Passwords must be changed at an appropriate frequency to comply with audit requirements, regulatory requirements, and security best practices. The Password Complexity and Change Frequency procedure (6.01.01) describes this requirement.
Passwords must not be stored in plain text. Passwords should not be written down and should not be shared with other individuals.
Repeated access attempts will lock out the user ID. The definition of ‘repeated access attempts’ will vary depending on the time between attempts and other adverse activity on the net.
This policy applies to all Bradley University computer and network users.
Exceptions require CIO approval.