
Passwords


Administrative Services

Purpose

This policy describes the requirements for passwords that provide access to Hamilton College computer systems and institutional data. Adherence to this policy will increase the security of information shared by the Hamilton community.

Scope

This policy applies to all faculty, staff and students at Hamilton College and all computer systems (except those excluded below) that have accounts relating to official college business, including both internal and external systems.

Revision History

Approved, December 2014.

Requirements

The requirements for passwords are a combination of length and complexity.

Length and Complexity

What does a good password look like using Hamilton’s password rules?

Your password:

  • Is used for your login to the network, HillConnect, and connected systems (e.g., Blackboard, WebAdvisor, My Hamilton, campus wireless network). If you are unsure whether the Hamilton system you use is considered a “connected system,” please review our Hamilton Passwords - Systems webpage.
  • Should not be used with other non-Hamilton systems, e.g. personal Gmail, personal banking.
  • Must not be equal to your current Hamilton password or any Hamilton password used in the past 90 days.
  • Must use characters in the Roman alphabet, numbers, or symbols on the US keyboard. Symbols:
    ! " # $ % & ' () * + , - . / : ; < = > ? @  [ \ ] ^ _ ` { | } ~ and a space.
  • Individuals who would like an additional level of security with their HillConnect account can use 2-step verification.

Password or pass phrase?

Consider using a pass phrase: unrelated words, at least four characters long, with mixed capitalization, separated by punctuation or spaces.

  • A pass phrase is basically just a series of words, which can include spaces, that you use instead of a single pass “word.”
  • Pass phrases should be at least 16 to 25 characters in length (spaces count as characters), and no shorter. Longer is better because, though pass phrases look simple, the increased length provides so many possible permutations that a standard password-cracking program will not be effective.
  • It is always a good thing to disguise that simplicity by throwing in elements of weirdness, nonsense, or randomness, as long as you can remember it.

| Length | Complexity | Examples of Acceptable Passwords |
|--------|------------|----------------------------------|
| 8-11 | mixed case letters, numbers, and symbols required | Msb13aTF$, 315HC!go, M1$tleto |
| 12-15 | mixed case letters and numbers required | LeeF7450maKin, Aaron1812Burr, 2014ClintonHC |
| 16-19 | mixed case letters required | RobertCeramicFether, LabradorPoodleMutt, DogsRainingManyCats |
| 20+ | no more than 3 repeating characters in a row | icebergskywardsinging, my children are the brightest, turffieldropescourseoutdoors |

Age (frequency of change)

  • Employees are required to change their password annually.
  • Students are required to change their password annually.

History (reuse)

  • Passwords cannot be reused for 90 days.

Lockout

  • Accounts will be “locked” after five failed login attempts. Lockout will expire automatically after 5 minutes, or can be manually unlocked using the password management system.

Password Management System

The password management system will:

  • enforce the requirements of the password policy
  • facilitate changing of passwords
  • allow reset of a forgotten password
  • unlock accounts
  • synchronize password changes across connected systems
  • send email reminders about expiring passwords

Systems Excluded from the Policy

  • Colleague
    • the existing policy will continue to be used for Colleague accounts, although this will be revisited once the password management system is in place
  • Other accounts used for prospective students, parents, guests and alumni

Last updated: August 31, 2017
