This procedure establishes requirements for the identification and authentication of employees who require access to college computer systems. It also establishes a standard for the creation of strong passwords, the protection of those passwords, and the prescribed frequency of change.
- Each employee is issued a unique seven-digit Colleague identification number. Once a Colleague identifier is assigned to an employee it is always associated with the person. It is never subsequently assigned to identify another person.
- Social security numbers are not used as a personal identifier in any electronic system or application.
3. Network and User Application Accounts
- Each employee is assigned a unique network account (Windows login) to access the local area network.
- Multiple accounts or logins are not authorized to access the college network or user application accounts that require separate authentication (Example: Colleague, HCC Express, ImageNow).
- Exception: Employees who are also students are issued separate student and employee accounts to access information technology resources.
- Functional accounts may be issued for specific purposes; however, these accounts should be protected by the departments and treated as confidential information. These accounts are set to expire after a predetermined length of time.
- Accounts for full-time and part-time employees as well as adjunct faculty expire immediately upon termination of employment.
- Upon request, the technology help desk provides guests logins for access to the public wireless network. These accounts expire after 24 hours.
Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in the compromise of HCC’s entire network. As such, all HCC employees with access to HCC’s systems are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.
a. Strong Passwords. Strong passwords provide an added level of security for protecting computing resources and information against unauthorized access. Therefore, employees are required to set their passwords using the following guidelines:
- Use at least seven characters that include numbers, letters, and punctuation. For example, use a passphrase (Oh1stubbedmyt0e!).
- Use both upper and lower case characters (e.g., a-z, A-Z).
b. Password Protection Standards:
- All passwords are to be treated as sensitive, confidential college information.
- Passwords must be unique. The same password should not be used to access the college network (Windows login) and applications (Colleague, HCC Express, and ImageNow) that require separate authentication.
- Passwords must not be included in email messages or other forms of electronic communication.
- Do not share passwords with anyone.
- Do not use the “remember password” feature of applications.
- Do not use the same password for Howard Community College accounts that are used for personal accounts
- Do not write passwords down and store them anywhere in an office.
c. Changing Passwords:
- Employees should change user-level passwords (e.g., email, desktop, etc.) every six months.
- All server administration passwords must be changed at least quarterly.
Policy Manual Review/Revision: 02/19/10