Personnel and Student Policy Regarding Passwords and Network Access

1. Purpose: This policy identifies the guidelines for the creation and management of passwords that allow access to university technology. Its intent is to better safeguard university information by requiring users to change their passwords periodically and to use more secure passwords.

2. Policy: The University provides a Millikin user account and access to several applications on the network through an Internet browser and portal. Users will be required to follow the password requirements listed below.

3. Procedure: The system will notify users when a password change is necessary, once every 180 days. Users will be required to answer two security questions that must be answered to use the “Forgot Password” functionality. The two questions are:

a) Paternal grandfather’s first name

b) City where you were born

4. Applies to: All members of the Millikin University community with network access.

5. Definitions:

a) Passwords must contain a minimum of 8 characters

b) Passwords must contain at least 1 letter and 1 number

c) Upper and lowercase letters are acceptable and distinguished

d) The three most recent passwords will be retained in the system and cannot be reused when making a password change

e) The first character cannot be a number

f) Only three special characters are acceptable for use: number sign, dollar sign, and underscore (# $ _)

The following applications will be affected by this password policy and the changing of passwords:

My Millikin Portal, Novell, Groupwise, Library database access, Moodle, Netstorage, MU Account Suite, MuOnline, Wireless access, Intellisync (used to synchronize smart phones and PDAs with Groupwise), MuAccount Suite, JIRA, Banner forms and reports