Policy and Procedure: User Accounts
Accounts and Passwords
Objectives, Recommendations, Rules and Regulations
The objective for system security is to protect critical business information and allow access to those individuals who are authorized to access that information. Failure to do so can lead to:
- Unauthorized possession of critical data
- Damage to critical business information
- Privacy issue improprieties
- Lost revenue
- Operational disruption
The solution is to restrict computer processing activities to only those people who have the proper authority and to limit their activity to those functions that fall within their assigned duties.
Recommendations to All Users:
- Do not write down your logon id or password
- Do not share your logon ID and passwords with others
- Pay special attention to the "LAST USED MESSAGE"
- Report any suspected unauthorized access to the Computer Center
Recommendations to Managers and Supervisors:
- Do not allow employees to share logon IDs
- Notify Computing Services when an employee is terminated or transfers so that their logon ID can be deleted.
Basic Rules and Regulations
- All users must have a unique access id (ACID) and password
- Each user must change their password at least once every 60 days. Passwords may be changed as often as necessary.
- All security violations, whether intentional or unintentional, will be logged when they occur. Security violation reports will be prepared and distributed to the appropriate individual.
- TSS will warn you fourteen (14) days prior to the expiration of your password.
- ACID Termination - when an employee transfers from one department to another or terminates, the employee's supervisor should call Computing Services' Help Desk at x6420 and request that the ACID be terminated.
- All new employees will be assigned a new ACID.
- The maximum number of password violations is three.
- The maximum number of violations is five.
General Password Rules:
- Passwords must be a minimum of 5 alpha-numeric characters and not more than 8 alpha-numeric characters in length.
- Passwords in the restricted list are not allowed.
- Passwords which match the userid or first four characters of any word in the associated name field are not allowed.
- New passwords cannot be the same as any of the two previous passwords.
- No repetition of successive characters are allowed.
If you have any questions concerning your account, contact your manager or supervisor or call the Help Desk at x6420.