Longwood University    Information and Instructional Technology Services   201 High Street, Coyner 107, Farmville, VA  23909    Phone: 434.395.2034         Fax: 434.395.2035

Policy 6119
PASSWORD MANAGEMENT

I.     PURPOSE

Effective password management is the most central single element in assuring the overall security of Longwood's information technology resources and systems and the protection of its information assets. The purpose of this policy is to ensure that all users are aware of their responsibilities in effective password management.

II.    DEFINITION

Password Management: Password management is the selection, distribution, use, modification and testing of computer system passwords.

III.     POLICY

All who participate in the use and administration of Longwood's information technology resources 
and systems shares responsibility for effective password management. Specific responsibilities are
assigned as follows:

A.  Password Standards for Multi-user Systems: Information and Instructional Technology Services (IITS) shall independently establish minimum baseline standards for passwords on all multi-user systems for which it has responsibility. These standards, at a minimum, shall include minimum length, characteristics, and expiration cycles for all shared fileservers, central academic and administrative computer systems, and test or background processing machines, which IITS administers.  Software systems or particular applications or privileges may require access passwords beyond those required for accessing the computer system itself. The owner of the software application system establishes requirements for such passwords.

B.  Password Standards for Shared Systems: IITS shall work in conjunction with system administrators outside of IITS to establish standards for other shared systems connected to the campus network, including those purchased and administered by individual departments.  Administrators of such systems shall be responsible for communicating and enforcing these standards.

C.  Password Testing: IITS reserves the right to monitor the overall security of Longwood's information technology environment by testing the strength of passwords on all multi-user systems both those it administers and others.

D.  PC Information Security: Individuals, department heads, and unit managers are responsible for the security of individual PCs and information stored within their domain and may elect to employ passwords as a method of protection. (i.e., boot passwords and/or screen saver passwords)

E.  Personal Ownership of Password Management: Ultimately, individuals using Longwood's information technology resources and systems are responsible for assuring effective password management. To fulfill this responsibility, they shall be aware of and follow the minimum baseline standards for each system they access. Most notably, this includes choosing strong passwords and safeguarding their integrity. Computer passwords represent an individual's identity to the system and should never be disclosed to or used by others. Unauthorized use of a computer account/ID is a violation of policy and may lead to disciplinary or judicial action.

IV.    EXCEPTIONS AND EXEMPTIONS

The Chief Information Officer of Longwood University must approve exceptions to or exemptions from any provision of this policy in writing.

Approved by the Board of Visitors, September 7, 2002.

Back to the Table of Contents                                                                     Next Policy