Password Management Policy

Summary

Establishes standards for the required use of strong passwords, for protecting passwords, and for changing them frequently.

Body

Purpose

Establishes standards for the required use of strong passwords, for protecting passwords, and for changing them frequently.

Policy Statement

Because passwords are a primary means of access to confidential and sensitive data, it is critical that all network users with an account use a difficult-to-crack password and safeguard it appropriately.

Details 

To safeguard its data, MassArt requires all users to follow these minimum guidelines:

  • All passwords protecting sensitive data must meet basic criteria for "strong" passwords:
    1. No dictionary words are contained within the password
    2. The characters in the password are a mix of upper and lowercase letters, numbers, and special characters (!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~)
    3. The length is at least twelve (12) characters
  • At no time should a user's password be written down on paper.  MassArt's systems are designed to require as few unique passwords as possible to access every system, so there should be no need to keep a "cheat sheet" of multiple passwords.
  • All users' passwords must be changed periodically: At no time should a password be used for more than 6 months.

Wherever technically feasible, we will configure our systems to enforce these policies technologically.

Additional Information 

Service accounts are a special type of non-human privileged account used to execute applications and run automated services, virtual machine instances, and other processes.

  • Service accounts are required to have randomly generated passwords with ≥25 characters.
  • Service account passwords are required to be changed annually at a minimum, or immediately in the event of the departure or termination of an employee who has access to any service accounts.

Article ID: 3965
Created: Mon 1/22/24 12:08 PM