One of the recommendations in the November 2006 information technology audit conducted by Bonadio is as follows:

| Characteristic | New Policy |
| --- | --- |
| Enforce Password History: The number of unique new passwords that have to be associated with a user account before an old password can be used. | A history of 20 passwords. Note: The password does not contain three or more characters from the user's account name or the previous password. |
| Maximum Password Age: The period of time (in days) that a password must be used before the system requires the user to change it. | Maximum password age of 180 days. At 10 days prior to the password expiring, the user will start to receive expiration notices. |
| Minimum Password History: The period of time (in days) that a password must be used before the user can change it. | 5 days from new password setting |
| Minimum Password Length: The least number of characters a user account's password may contain. | No Change |
| Password Complexity Requirements: This determines the type of passwords users are allowed to have. | Password must contain at least 3 out of the following: at least 1 lower case letter; at least 1 upper case letter; at least 1 number; at least 1 special character (#, *, =, etc.) |

This stronger college-wide password policy will be our first line of defense against unauthorized access to network resources. The policy will address the concerns of the Bonadio audit.