Password Policy
User Password Policy:
Passwords are a vital aspect of computer security for individual users as well as the Malone community as a whole. They are the front-line protection for all user accounts. A poorly chosen password may result in the compromise of Malone University's entire network. Therefore, all members of the Malone University community, including faculty, staff, students, contractors and vendors with network accounts and/or any form of access that supports or requires a password for any system within Malone's network, are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.

  • All Malone passwords should be changed every 180 days. In most cases this is enforced automatically.
  • User accounts that have system-level privileges granted through group memberships must have a password that is unique from all other accounts held by that user.
  • Passwords must never be sent within email messages or other forms of electronic communication.
  • All user-level and system-level passwords must conform to the guidelines described below.


Guidelines

A. General Password Construction Guidelines
Passwords are used for various purposes at Malone University. Some of the more common uses include: Malone domain accounts, web accounts, email accounts, and screen saver protection. Everyone should be aware of how to select strong passwords.

Poor/weak passwords have the following characteristics:
  • The password contains fewer than eight characters.
  • The password is a common usage word, such as:
    • Names of family, pets, friends, co-workers, fantasy characters, etc.
    • Computer terms and names, commands, sites, companies, hardware, software.
    • The words "Malone University," "Canton," "Ohio," or any derivation.
    • Birthdays and other personal information, such as addresses and phone numbers.
    • Word or number patterns (e.g., aaabbb, qwerty, zyxucivo, 123321, etc.)
    • Keyboard patterns (e.g., asdfgh, qwert, yuiop, etc.)
    • Any of the above preceded or followed by a digit (e.g., secret1, 1secret, secret77)

Strong passwords have the following characteristics:
  • are long! They are at least eight alphanumeric characters long (with a preference for 15+ characters due to weaknesses in Microsoft password storage).
  • have mixed case: Contain both upper and lower case characters (e.g., a-z, A-Z).
  • have numbers or special symbols in them: Have digits and punctuation characters as well as letters (e.g., 0-9, !@#$%^&*()_+|~-=\`{}[]:";'<>?,./).
  • are not a word in any language, slang, dialect, jargon, etc. unless they are long. Long is better than fancy!
  • are not based on personal information, names of family, etc.


Passwords should never be written down or stored on-line. Don't tape it to the bottom of your keyboard! If you utilize a password storage database, be sure to protect it with a strong lock mechanism so that it cannot be broken/hacked/compromised.

Try to create passwords that can be easily remembered. One way to do this is to create a password based on a song title, affirmation, or other phrase. For example, the phrase might be "This May Be One Way To Remember" and the password could either be the whole phrase or just the first letters, i.e., TmB1w2R! or Tmb1W>r~ or some other variation.

NOTE: Do not use any of these examples as passwords!

B. Password Protection Standards
Do not use the same password for Malone University accounts as for other non-Malone access (e.g., personal ISP accounts, Facebook, MySpace, option trading, benefits, etc.). Do not use the same password for various Malone University access needs. For example, select one password for OnBase and a separate password for computer login.
 
Do not share Malone University passwords with anyone, including administrators, administrative assistants, or secretaries. All passwords are to be treated as sensitive, confidential information.

Here is a list of "Don’ts":
  • Don't reveal a password over the phone to ANYONE, even to the Help Desk!
  • Don't reveal a password in an email message.
  • Don't reveal a password to your supervisor.
  • Don't talk about a password in front of others.
  • Don't hint at the format of a password (e.g., "my family name").
  • Don't reveal a password on questionnaires or security forms.
  • Don't share a password with family members.
  • Don't reveal a password to co-workers while on vacation or away from the office.
  • Don’t log into a workstation with your username and password and then let another person use the workstation. If they require access to Malone's network resources, require that they log in with their own username and password. Guest accounts can be provided upon request.
  • Don’t use the “Remember Password” feature (e.g., on web sites, etc.) found in many web browsers.


If someone asks for a password, refer them to this document or have them call the Information Technologies Department at 330.471.8428.
If a user suspects that an account or password has been compromised, report the incident to Information Technologies, and change all passwords.

Password cracking or guessing may be performed on a periodic basis by the Information Technologies Department to enforce this policy. If a password is guessed or cracked during one of these scans, the user will be required to change it.

C. Account Lockout - Faculty & Staff Only
If the wrong password is used to attempt to log into a Malone resource too many times, the account will be locked. You can unlock and perform other self-service tasks surrounding your account at:

https://userid.malone.edu/manage

Password Policy Approved by: Director of Information Technologies
  • Effective Date: March 2010
  • Revised Date: February 2014