All passwords must also be updated when any member of staff, who had access to the password or password management system, leaves the university or changes roles where they no longer will have privileged access to the password management system.
root, enable, domain admin, application admin accounts, etc.) must be changed on at least a semi-annual basis. All system-level and shared service account passwords (e.g.All production system-level and shared service account passwords must be part of the CTS Services administered password management system using the centralized password management system.The following rules are required to be followed to reduce the risk of compromise of any person's personal information and/or security credentials. These employees have certain responsibilities in the administration of those credentials. Accounts will be auto-enrolled into Multifactor authentication if not established during account claim.Īdministrators Password Service RequirementsĪpplies to any employee (faculty or staff) who issues credentials and is responsible for the management of the credentials including provisioning and support of accounts and passwords. MultiPass accounts are required to enroll in the University's Multifactor Authentication solution.MultiPass accounts are locked out after sequential failed password attempts.If a password is guessed during one of these scans, the user will be required to change it. Automated password guessing may be performed on a periodic or random basis by CTS or its delegates.Passwords that could be used to access Restricted Data and sensitive information must be encrypted in transit.Passwords should not be inserted into email messages or other forms of electronic communication without the consent of CTS.Passwords must be changed at least every 120 days.If a user suspects a password has been disclosed or compromised, the user must change their password immediately and report the incident to CTS at 41, or 1-88.If for some reason your password is disclosed to another employee, it should be reset as quickly as possible. Passwords may not be disclosed or shared with another person, including CTS, or any other Duquesne Employee.Passwords should never be written down, stored on-line without encryption, or stored in plain text files.Passwords are sensitive and classified as Restricted Data therefore all protections of Restricted Data should be applied to their use.The following rules are required to be followed to reduce the risk of compromise to your credentials and password. Service Requirements All Individuals Password Service RequirementsĪpplies to all students, employees, affiliates or members of the community to whom credentials have been issued and have responsibilities in the care of those credentials. Duquesne University's Computing and Technology Services (CTS) team will NEVER ask for your MultiPass password or other personally identifiable information. Never share your credentials, password or other sensitive information and do not respond to emails that request access to your MultiPass ID, password, secret questions, or other personal information. Information Technology systems and services at Duquesne University require the use of credentials and passwords including but not limited to email, academic and administrative applications, computer labs, DORI, and endpoint computers. The need for a strong password is greater than ever and credentials issued by Duquesne University are often the first line of attack, and the last line of defense in the protection of personal and institutional assets. Duquesne University is committed to a secure information technology environment in support of our mission. This Service Requirement describes the University's requirements for acceptable credential management, password selection and maintenance.
0 kommentar(er)
