Password Reset Policy
Purpose
ITSD is establishing and refining security measures for Babson College’s technology structure. To aid in this procedure, a single user sign-on process has been developed for email, Portal, and network access. These systems have synchronized user names and passwords. In order to keep these systems protected and align our processes with industry best practices, a new security policy will be implemented by 14 September 2009. Under this policy, students and faculty will be required to change their passwords at the beginning of each Fall and Spring semester. Administrative staff will be obliged to change their passwords every ninety (90) days.
Organizational Scope
This is a College-wide policy and applies to all students, faculty and administrative staff including employees at the Executive Conference Center, personnel in the Executive Education office, Sodexo employees, Barnes and Noble staff and any other person with a Babson user account. Alumni, Trustees and Advisors will be excluded from this policy at this time.
Policy Content and Guidelines
In terms of password administration, the following list provides requirements for establishing and maintaining passwords:
- Passwords shall be 8–12 characters in length.
- Passwords should be a combination of characters that does not have a meaning or relate to any personal information. Users may select characters from the following categories:
  - Alphabetical letters: a–z, or A–Z
  - Digits: 0–9
  - Special characters: ! @ $ % ^ * ( ) _ ~ + - = [ ] { } < >
- Passwords shall be memorized. Passwords are not to be written down or stored by other means.
- Passwords shall not be shared with any other person for any reason.
- Passwords may not be reused. New passwords must differ by at least 1 character from the previous password.
- Notification reminders will be displayed through Portal to users seven (7) days before their passwords expire.
- Users should provide a secondary email address for the purpose of receiving a personal link to the password change window for the occasions where the user has forgotten her/his password. (Refer to the Secondary Email Address Policy for more specifics.)
- Users who do not provide a secondary email address will be required to retrieve their new passwords in person at the IT Service Center, Horn 220. A Babson OneCard will be required as a means of proper identification.
- A list of users who have not reset their passwords within 30 days after the expiration will be sent to Human Resources on a regular basis for corrective action during this pilot phase.
- Some systems (for example, ePerformance, HR Info, Power Campus, etc.) have their own password protection/reset policies. The application administrator for each of these systems will be responsible for ensuring that clients comply with those password reset policies as written.
If users have questions regarding the process for changing a password, they may call the ITSC at extension 4357.
Approval Agency
Executive Vice President/Executive Dean
Vice President for Administration and CIO
Approval Dates
This policy was originally approved on: 15 July 2009
This version was approved on: 1 September 2009
This version takes effect from: 14 September 2009
This policy will be reviewed by: 15 July 2010
Policy Sponsor
IT Support Services
Contact
IT Support Services