Password Policy

Effective: 6/1/18; Reviewed: 10/13/21
Contact: Office of Information Technology

Statement of Purpose
The purpose of this policy is to:

  • Ensure that access to the College systems is consistent with security best practices.
  • Establish minimum standards for passwords.
  • Ensure that all users are aware of their responsibilities in effective password management.

Entities Affected by Policy
Entities affected by this policy include all College students, employees and anyone who accesses College systems.

Policy
Passwords used to access College systems must meet the following criteria:

  • Passwords must be complex
  • Password must not be shared with other users
  • Passwords should not be written down on paper
  • Passwords are required to be changed from the initial setup
  • Passwords should be stored in a Password management App or other similar secure device

Complex Passwords
Use strong password to protect your computing resources.  Follow these rules to create strong passwords:

  1. Pick long passwords, at least 8 characters in length, preferably more. Passphrase are better.
  2. Don’t use repetitive (‘aaaa’) or sequential characters 9’1234’).
  3. Don’t use personally identifiable information in the password.
  4. Don’t use your Jewell username or ‘Jewell’ in the password.
  5. Don’t use characters that cannot be entered on a standard keyboard. The system will allow it, but due to keyboard limitations you may be locked out of some areas.
  6. Check the strength and security of the password at https://central.jewell.edu/security/pwcheck.html.

Password Changes
All Jewell users are required to change their passwords from the initial four-character setup.  Please see the instruction of changing password at: https://central.jewell.edu/security/OWAPW.pdf.

Password Storage

  • Passwords should be stored in a specialized password management apps or softwares (LastPass, 1Password, and Dashlane are free recommended ones). It’s not recommended to store passwords in Word or Excel document.
  • Password management app should be locked with a long passphrase.
  • Device containing Password management app should be able to be remotely wiped.
  • Device containing Password management app should be configured with two-factor authentication.