Highline College

Connect with Highline College

Winter quarter starts January 6. View the class schedule and enroll today for the best selection of classes.

1.12 Password Protection Standard

Home/IT Security/IT Security Policy/1.12 Password Protection Standard
1.12 Password Protection Standard 2024-03-25T12:15:54+00:00

1.12 Password Protection Standard

 

1.12.1. Overview

Passwords are a critical component of information security. Passwords serve to protect user accounts; however, failing to properly protect your password may result in the compromise of individual systems, data, or the Highline College network. This standard provides best practices for securing passwords.

 

1.12.2. Purpose

The purpose of this standard is to provide best practices for protecting passwords.

 

1.12.3. Scope

These rules apply to Highline user accounts for systems directly under Highline’s control. While we make every effort to utilize Highline credentials to grant access to third-party tools, external systems may occasionally operate under varying rules.

 

1.12.4. Standard

1.12.4.1

Users must not use the same password for Highline College accounts as for other non-Highline College accounts (for example: personal ISP, social media, personal email, personal banking, etc).

1.12.4.2

Passwords must not be shared with ANYONE. All passwords are to be treated as sensitive, Confidential information.

1.12.4.3

Passwords must not be inserted into email messages, Alliance cases or other forms of electronic communication.

1.12.4.4

Passwords must not be revealed over the phone to anyone, even the ITS Helpdesk.

1.12.4.5

Do not reveal a password on questionnaires or security forms.

1.12.4.6

Do not hint at the format of a password (for example, “my child’s birthday” or “my mother’s maiden name”).

1.12.4.7

Do not write passwords down and store them anywhere in your office. Do not store passwords in a file on a computer system or mobile devices (phone, tablet) without encryption.

1.12.4.8

Do not use the “Remember Password” feature of applications (for example, web browsers).

1.12.4.9

Any user suspecting that his/her password may have been compromised must report the incident to ITS as soon as possible and change all passwords.

 

1.12.5. Compliance

1.12.5.1 Compliance Measurement

ITS will verify compliance to this standard through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the standard owner.

1.12.5.2 Exceptions

Any exception to the standard must be approved by ITS in advance.

1.12.5.3 Non-Compliance

An employee found to have violated this standard may be subject to disciplinary action, up to and including termination of employment.

 

1.12.6. Related Standards, Policies, and Processes

1.1 Clean Desk Guideline

1.5 Password Standard

 

1.12.7. Revision History

Date By Summary