Skip Navigation

Password Policy

  1. PURPOSE: Passwords are a critical way to protect technology resources, including data, networks, and devices.
  1. SCOPE: This policy applies to all users with single sign-on accounts to access Stevenson University technology resources.
  • User: Someone who is provided access to technology resources, including students, faculty, staff, contractors and other individuals or groups.
  • Cloud computing service: Any function provided by an agreement with an external organization that includes the ability to store or transmit electronic information.
  • Software: Any code, program or application designed to perform specific functions on a device.
  • Technology resource: Any device, software or service that stores or transmits electronic information as part of its function.
  • Device: Any equipment or hardware that stores or transmits electronic information. This includes computers, mobile devices, network equipment, phones, and server systems.
  • User responsibilities. Users are responsible for protecting their single sign-on password, including:
    • Not sharing their password with anyone.
    • Not using their Stevenson University single sign-on password for any non-Stevenson account.
    • Reporting any potential malicious activity with their password immediately to the Office of Information Technology (OIT).
  • Password management.
    • Users are required change their passwords every 180 days.
    • Users cannot reuse the previous 10 passwords.
    • Users must register and use self-service to setup, change and reset their passwords.
    • Password lockouts. After 15 failed password attempts within a 15-minute period, an account will be temporarily locked out for 15 minutes.
    • Mobile device security. Access must be protected on any mobile device with services or applications that store Stevenson data, such as email:
      • A minimum of a 4-digit passcode/PIN.
      • Any biometric equivalent (fingerprint, facial recognition, etc).
  • Password construction. Single sign-on passwords must meet the following criteria:
    • At least 8 characters long.
    • Must have one character from at least three of each of these categories:
      • Upper case letter
      • Lower case letter
      • Number
      • Special character (non-alphanumeric): ~!@#$%^&*_-+=|\(){}[]:;"'<>,.?/ (Do not use the apostrophe (‘) as it can cause errors in some applications.)
  • Must not include any personal information including any part of these:
    • The account name (First name, Last name)
    • Student ID number
    • User name (Example: jsmith)
  1. ENFORCEMENT: See OIT Enforcement Policy.

(Approved May 2020)



Request Info