Password Policy for the Windows Network
Rationale:
Password protection provides a major defense for the network against unwanted intruders. Library
workers will follow these guidelines in establishing strong passwords that are difficult to decipher
and are regularly changed.
Scope:
The following requirements will be enforced on passwords for logging in to the library's Windows
network.
Requirements:
Passwords:
- Will consist of a minimum of seven alpha-numeric characters, with at least one number, and one capital letter.
- Will be changed regularly. This will be enforced automatically on an annual basis on the Monday before Martin Luther King Day.
Recommendations:
Passwords:
- Should not contain any three consecutive characters from your name, address, or user id.
- Should not contain physically sequential keys on the keyboard.
- Should not contain #, @, :, the spacebar, the delete key, the backspace key or any control key sequences.
- Should not contain common date formats such as dd/mm/yy.
- Should not contain common data formats such as your social security number, xxx-xx-xxxx.
- Should not be written down.
- Should not be shared with the exception of generic logins that do not have access to the T: drive and shared files.
Procedures/Questions:
- Account Creation - to request an account be created, contact your local PC Coordinator or Supervisor.
- Forgotten Password - contact the Systems Administrator by telephone or email. You may be asked for proof of identification.
- Exiting Employment - procedures for closing accounts are detailed in the Library's Exit Procedures document.
- Account Removal - procedures are detailed in the Library's Exit Procedures document.
- Systems Access - accounts are created for authorized personnel to work on a machine as necessary.
- Multiuser PCs - will follow all of the above requirements and recommendations except that they will be shared on a need-to-know basis.