Password Policy for Faculty & Staff

The Office of IT has implemented the following security measures on passwords:

Applied Password Policy and Settings on Network/Email Account:

• Password Policy:
  • Enforce password history 10 passwords remembered (Password should be different than last 10 used passwords).
  • Maximum password age 180 days (Password should be reset after 180 Days).
  • Minimum password age 0 days. 
  • Minimum password length 8 characters. 
  • Password must meet complexity requirements Enabled (Password should be complex)
  • Multi-Factor Authentication (MFA) is enabled.
• Account lockout policy:
  Note:

  Account lockout policy disables a user’s account if an incorrect password is entered a particular number of times over a specified period. These policy settings help us to prevent attackers from guessing users' passwords, and they decrease the likelihood of successful attacks on our network.

  • Account lockout duration 20 minutes.
  • Account lockout threshold 5 invalid login attempts (Account will be locked after the 5th invalid attempt)
  • Reset account lockout counter after 20 minutes (the locked account will be unlocked automatically after 20 minutes).
• Applied Password Policy on Desktop:

Enable Password Screen saver option after 10 minutes of the idle session. This option would force the user if he/she did not use the computer for 10 minutes to re-enter the password. In case another user comes to use the computer, he/she should restart the computer and log in with his/her network account.