Password Change Policy

In an effort to protect sensitive data and maintain a secure digital environment for all students, faculty, and staff, Life University has a 90-day password change policy. This policy is part of the university's broader commitment to ensuring the integrity and confidentiality of personal, academic, and institutional information. The following guidelines outline the requirements for creating secure passwords within the Life University network and systems.

Policy Overview

  • Password Expiration: All users must change their passwords every 90 days to maintain system access. Users will receive a reminder 10 days prior to expiration to update their credentials.
  • Password History: Users will be restricted from reusing their last 5 passwords to prevent users from recycling old passwords.

Password Creation Guidelines

To ensure that passwords are strong and resistant to common attacks, the following requirements have been put in place:

  1. Minimum Length: Passwords must be at least 8 characters in length. This length provides sufficient complexity to prevent easy guessing or brute-force attacks.

  2. Special Characters: Passwords must contain at least 1 special character. Special characters include symbols such as !, @, #, $, %, ^, &, *, etc. These characters increase password complexity and help protect against automated cracking tools.

  3. Uppercase Characters: Passwords must include at least 1 uppercase letter (A-Z). The inclusion of uppercase letters helps increase the number of possible combinations, making passwords harder to crack.

  4. Numerals: Passwords must include at least 1 numeral (0-9). A mix of numbers strengthens the password and adds an additional layer of security.

  5. No Palindromes: Passwords cannot be palindromes. A palindrome is a word or sequence that reads the same backward as forward (e.g., "radar," "level"). These types of patterns are predictable and thus more vulnerable to attack.

  6. No Consecutive Repeated Characters: Passwords must not contain any character more than twice consecutively. For example, aaa, 111, or &&& are not permitted, as repeated characters significantly reduce password strength.

  7. No Consecutive Characters from Username: Passwords must not contain 5 or more consecutive characters from the username. This prevents attackers from guessing passwords based on easily obtainable information, such as your username or email address.

  8. Lowercase Characters: Passwords must include at least 1 lowercase letter (a-z). A mix of uppercase and lowercase characters is important for complexity and security.

Additional Password Security Practices

  • Multi-Factor Authentication (MFA): Where possible, Life University encourages or enforces the use of multi-factor authentication (MFA) for an added layer of security. This requires users to verify their identity using a second method (such as a mobile app or one-time passcode) in addition to their password.

  • Password Manager Recommendations: Life University recommends using a password manager to securely store and manage complex passwords. Password managers can generate and remember strong, unique passwords for each account.

  • Avoid Password Sharing: Users should never share their passwords with anyone, even with IT staff or system administrators. Life University staff will never ask for passwords over the phone, via email, or in person.

Guidelines for Updating Passwords

When updating your password, follow these best practices:

  • Avoid using common phrases, dictionary words, or easily guessed combinations.
  • Ensure that the new password adheres to all the above password requirements.

Enforcement and Compliance

Users will be notified through email or system alerts if their password does not meet the requirements.

Failure to change passwords within the 90-day period may result in restricted access to university systems until the password is updated according to policy guidelines.

-

The 90-day password change policy at Life University is part of a broader strategy to protect sensitive institutional data and ensure the privacy of students, faculty, and staff. By following these password guidelines and taking steps to strengthen individual security practices, the university community can work together to minimize the risks posed by cyber threats and safeguard against unauthorized access.

Powered by Zendesk