Account Security

With the growing risk of cyber-attacks and account-hacking incidents, the following account security policies have been created to help mitigate avoidable account compromises.

Passwords

Passwords can be our first line of defense in protecting our accounts. In many cases, accounts have been using the same passwords far longer than they should, and many of them are far too simple.

Passwords must be changed at the end of every semester, or when someone who has access to the password leaves your area.

Passwords must follow the same policy as the Office of Information Technology’s policy for NetID passwords:

  • Your password/passphrase must be at least 10 but no more than 63 characters.
  • Your password must contain a minimum of 3 character classes. The characters on the keyboard are grouped into categories known as classes. They are as follows:
      • Lowercase letters (a-z)
      • Uppercase letters (A-Z)
      • Numerals (0-9)
      • Special characters (e.g. $ * )
  • The password/passphrase cannot contain any 4 consecutive characters from your name or IID (i.e. your initials).
  • You cannot reuse any of your previous 5 passwords/passphrases.
  • Passwords/passphrases expire every 12 months.
  • Spaces, tabs and carriage returns are not allowed.

Passwords are not to be shared with anyone via electronic communication methods. Whenever passwords need to be exchanged, do so in person or over the phone. Additionally, do not store passwords online or on shared drives.

Account Contact Information

To make account continuity easier, follow the policy below.

Never use personal or individual e-mail accounts or phone numbers for social media accounts. Using a departmental email address and phone number ensures that if you leave, the account can still be reset if passwords are lost.

Third-Party Schedulers

Though third-party scheduling services and apps (Buffer, HootSuite, etc.) streamline our ability to post to multiple accounts at the same time, the security of these services and apps is questionable, and in some cases they can allow former users to still access accounts that they have been removed from. Because of this, all areas are asked to discontinue use of all third-party schedulers. In the case of services like Facebook, Twitter, and Tumblr, scheduling is either already built in or made available directly through a service they manage.

Provide Information to the Divisional Office

Please be sure to provide all password and account contact information to the divisional marketing & communications office.