Password policy

Objective: To protect university information systems from unauthorized access through strong password standards.

Scope: All university passwords (user accounts, system accounts, website accounts, email accounts, screensaver/voicemail).

Policy Details:

• Password Protection: Strict confidentiality, no sharing or visible storage.
• Unauthorized Disclosure: Procedures for handling breaches.
• Password Creation Criteria:
  • Minimum 8 characters.
  • Mix of uppercase/lowercase letters, numbers, and symbols.
  • Not based on personal information or dictionary words.
  • Periodic changes.
  • Unique passwords for each account.
• Protection Levels: Based on data sensitivity.
• System Administrator Duties: Enforce strong password standards, encrypt passwords.
• User Duties: Account responsibility, password protection.

Detailed Simulation:

• Acceptable Example (Employee A):
  • Strong, complex password meeting all criteria.
  • Scheduled password changes.
  • Secure storage in a password manager.
  • Secure encrypted transfer when needed.
  • System rejects weak passwords.
  • Result: Secure account, protected university data.
• Unacceptable Example (Student S):
  • Weak, easily guessed password.
  • Password written down and publicly visible.
  • Failure to change password periodically.
  • Unsecure password sharing via text message.
  • Result: Account breach, stolen academic information, loss of trust.

Conclusions:

• Adherence to password policy is crucial for information protection.
• Both employees and students must follow standards.

Recommendations:

• Training and awareness programs.
• Monitoring and analysis of password practices.
• Continuous policy evaluation.