Highline College

Connect with Highline College

Winter quarter starts January 6. View the class schedule and enroll today for the best selection of classes.

1.5 Password Standard

Home/IT Security/IT Security Policy/1.5 Password Standard
1.5 Password Standard 2024-03-25T12:16:26+00:00

1.5 Password Standard

 

1.5.1. Overview

Passwords are a critical component of information security. Passwords serve to protect user accounts; however, a poorly constructed password may result in the compromise of individual systems, data, or the Highline College network. This standard provides best practices for creating secure passwords.

 

1.5.2. Purpose

The purpose of this standard is to provide best practices for the creation of strong passwords.

 

1.5.3. Scope

These rules apply to Highline user accounts for systems directly under Highline’s control. While we make every effort to utilize Highline credentials to grant access to third-party tools, external systems may occasionally operate under varying rules.

 

1.5.4. Standard

1.5.4.1

Highline user account passwords are the responsibility of the user, and must not be shared with any other person, or displayed where they may be seen by others.

1.5.4.2

All office workstations must have a password protected screen saver which will be activated after a period of inactivity not to exceed 15 minutes.

1.5.4.3

All classroom workstations will be logged out after a period of inactivity not to exceed 45 minutes.

1.5.4.4

Users may not use a password that they have used at Highline before.

1.5.4.5

Passwords will expire and must be changed after 365 days.

1.5.4.6

Passwords must be at least 12 characters in length.

1.5.4.7

Passwords must conform to the following guidelines:

  • Cannot contain your username or SID
  • Cannot contain your name
  • Cannot contain your initials
  • Cannot contain the college name
  • Must contain characters from three of the following four categories:
  • English uppercase characters (A through Z)
  • English lowercase characters (a through z)
  • Base 10 digits (0 through 9)
  • Non-alphanumeric characters (e.g. ~, *, #, %)

 

1.5.5. Compliance

1.5.5.1 Compliance Measurement

ITS will verify compliance to this standard through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the standard owner.

1.5.5.2 Exceptions

Any exception to the standard must be approved by ITS in advance.

1.5.5.3 Non-Compliance

An employee found to have violated this standard may be subject to disciplinary action, up to and including termination of employment.

 

1.5.6. Related Standards, Policies, and Processes

None.

 

1.5.7. Revision History

Date By Summary