Passwords (Policy)
Breadcrumb
Office of Origin: Information Technologies
Original Date Adopted: 08-25-09
Date Reviewed: 07-01-14, 06-28-18, 4-5-23(C)
Last Date Board Approved: 5-15-23
Lake Michigan College (“LMC” or the “College”) has established standards for password management to mitigate the risk of unauthorized users accessing institutional data and Information Technology (“IT”) assets. Password protocols are a critical component of technology security.
Any individual (e.g., student, employee, contractor) (collectively, “Users”) who has a College technology asset and/or any form of access to technology systems that reside at any College facility and/or that are attached to any College network or cloud-based system that hosts College data are required to adhere to this policy.
To prevent unauthorized access to College data and IT assets, Users are responsible for proactively taking measures to:
- Safeguard access to IT assets, data and systems
- Manage and protect passwords.
Requirements
All Users must:
- Have a password that is a minimum of 16 characters long. Spaces count as characters.
- Change their password immediately upon notification that their account has been determined to be at risk.
- Not duplicate any of the 10 last passwords.
- Not include passwords in email messages or other forms of electronic communication.
- Not share their password with others.
- Not store where publicly accessible (such as a password manager on a shared computer).
- Not reuse your LMC password for sites outside of the College.
- Not use their first name, last name, LMC ID, or birthdate in their password.
The College utilizes a multi-factor authentication service to help prevent identity theft and malicious cyber activity on the College network.
As a security measure, user accounts will temporarily lock for 15 minutes after 5 unsuccessful login attempts within a 15-minute period.
Best practices, though not required, include using a passphrase or a combination of random words instead of a password (e.g., Iwenttotritonhighschool or coffeefloorchair) and not recycling a password with each change by adding an extra character on the end or increasing a number incrementally.
Responsibility: Chief Information Officer
References: Acceptable Use Policy, Authority to Bind Policy