Password Policy for Faculty & Staff
  • 20 Jan 2025


The Office of IT has implemented the following security measures for passwords:

Applied Password Policy and Settings on Network/Email Account:

  • Password Policy:
    • Enforce password history: 5 passwords remembered (a new password must be different from the last 5 passwords used).
    • Maximum password age: 120 days (Passwords should be reset after 120 days).
    • Minimum password length: 10 characters. 
    • Password must meet complexity requirements: Enabled (Passwords should be complex).
    • Multi-factor authentication (MFA) is enabled.
  • Account lockout policy:
    Note:

    The account lockout policy disables a user’s account if an incorrect password is entered a specified number of times within a given period. These policy settings help prevent attackers from guessing users' passwords and decrease the likelihood of successful attacks on our network.

    • Account lockout duration: 20 minutes. (The account will be locked for 20 minutes after failed login attempts).
    • Account lockout threshold: 5 invalid login attempts (Account will be locked after the 5th invalid attempt).
    • Reset account lockout counter: After 20 minutes. The count of failed login attempts resets to 0 after 20 minutes of no activity, so the user can try logging in again without the previous failed attempts counting against them.
  • Applied Password Policy on Desktop:
    • The password-protected screen saver is enabled after 20 minutes of idle session. If the user has not used the computer for 20 minutes, he/she must re-enter the password.
    • If another user needs to use the computer, he/she should click on [Other user] and log in with his/her network account. There is no need to restart the computer.


