Digital Passwords Management Policy

Summary

The University of Windsor is in the process of adopting a new policy that will define the minimum standards governing the format and management of passwords used to access electronic services and accounts associated with the University.

Body

The University of Windsor's Digital Passwords Management Policy defines the minimum standards governing the format and management of passwords used to access electronic services and accounts associated with the University.

Usernames and passwords are used as the keys to authenticate and authorize access to electronic services and accounts provided to the University community that are not for use by the general public or by unauthorized users. Ensuring that the passwords used are strong and managed appropriately is a key requirement for preventing the inappropriate use of electronic resources.

This policy describes minimum standards for password format and strength, sets requirements for password management over time, and defines actions that can be taken to protect accounts from suspected attack or unauthorized use. It applies to all University or affiliated services that use an authentication scheme that involves the use of a username, password, PIN and/or access code, with mandatory applicability to any system that utilizes an account with a UWinID or a uwindsor.ca email address as a username.

This policy serves as the foundational password policy for the University community. Other systems may extend or strengthen the requirements described in this policy based on either additional capability or need for stronger security; however, systems may not weaken the requirements set forth in this Policy unless there are resource or other technical deficiencies that disallow its adoption.

Passwords must comply with the following minimum requirements:

| Requirement | UWin Account Policy |
|---|---|
| Minimum Length | 10 characters |
| Upper and Lower Case Characters | At least 1 upper case and at least 1 lower case character |
| Numbers / Digits | At least 1 numeric character |
| Special Characters | At least 1 special character (no restrictions) |
| Not Trivial or Easily Guessable | Password cannot match User ID or e-mail address |
| Password Expiration | 365 days |
| Password Expiration Notification (where possible based on application) | Initial = 30 days; Reminder #1 = 14 days; Reminder #2 = 7 days; Reminders #3-9 = daily reminders from 6 days before and up until day of expiry |
| Password History to be Maintained | 10 |
| Inactivity Timeout | 20 minutes (enforced by the application) |
| Account Lockout Upon Failed Logins | 5 failed logins in 5 minutes, locked for 10 minutes |
| Purge User Profiles | Disabled or removed as per IT Services procedures |

For more information, please see the Related Articles section on the right.

Details

Article ID: 46793
Created: Wed 1/24/18 9:25 AM
Modified: Wed 11/3/21 7:11 PM

Related Articles

A number of notifications are in place to ensure that UWin Account holders do not miss their password expiry date.
Use of Microsoft Office 365 and your UWin Account are governed by various agreements. This article hits the highlights.
When selecting your new UWin Account password, it must meet the requirements outlined in this article.
What to do when you forgot your UWin Account password?