Password Management Standards and Guidance

Summary

Passwords are one of the first lines of defense for protecting your user account and data. The Password Management Standards Guide contains all the information necessary to set up a password that will secure your information.

Body

The purpose of this standard is to establish the minimum requirements for passwords used to access
University information systems and services to reduce the risk of unauthorized access to Framingham State’s
technology resources and data. Pursuant to the University’s Password Management Policy, passwords are the
primary means of protecting access to University Information Systems; therefore, it is imperative that
passwords are strongly constructed and used in a manner to prevent account compromise.

This standard applies to all individuals accessing the campus network or any University information system.
This use may include, but is not limited to, access from: personal devices, laptops, University-owned
computers, information systems, and servers. This Standard applies to both departmental and centrally managed
resources. When these password standards are technically infeasible, the application owner must
contact the University’s Information Security Officer to request an exception.

MINIMUM PASSWORD/PASSPHRASE STANDARDS FOR ALL UNIVERSITY ACCOUNTS
Password Composition
a) All passwords must be strong passwords and include the following:
   i) A minimum of twelve (12) characters
   ii) English uppercase characters (A through Z)
   iii) English lowercase characters (a through z)
   iv) Numerals (0 through 9)
   v) Special Characters (!, #, $, &)
b) Passwords must never include the following:
   i) Three (3) consecutive characters from the first name, middle name, last name or username.
   ii) Blank spaces.
   iii) Special character sequences such as //.
   iv) Personal or financial information such as Social Security or credit card numbers.
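
The composition rules above can be checked mechanically. The following is an added example, not code from the University: it assumes the name check in b.i is case-insensitive, that the characters listed in a.v are examples so any ASCII punctuation counts, and that "//" is the only sequence tested for b.iii. Rule b.iv is not covered, and the names are constructed sample data.

```python
import string

MIN_LENGTH = 12
# Assumption: "(!, #, $, &)" on the page is read as examples, not an exhaustive set.
SPECIALS = set(string.punctuation)

def name_fragments(names, n=3):
    """Every run of n consecutive characters from each name, lower-cased."""
    frags = set()
    for name in names:
        name = name.lower()
        # Names shorter than n characters yield no fragments.
        frags.update(name[i:i + n] for i in range(len(name) - n + 1))
    return frags

def check_password(password, names):
    """Return the list of violated rules; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("a.i: fewer than 12 characters")
    if not any(c in string.ascii_uppercase for c in password):
        problems.append("a.ii: no English uppercase character")
    if not any(c in string.ascii_lowercase for c in password):
        problems.append("a.iii: no English lowercase character")
    if not any(c in string.digits for c in password):
        problems.append("a.iv: no numeral")
    if not any(c in SPECIALS for c in password):
        problems.append("a.v: no special character")
    # Assumption: comparison ignores case, so "RIV" matches "Rivera".
    lowered = password.lower()
    if any(frag in lowered for frag in name_fragments(names)):
        problems.append("b.i: three consecutive characters from a name or username")
    if " " in password:
        problems.append("b.ii: contains a blank space")
    if "//" in password:
        problems.append("b.iii: contains the sequence //")
    return problems

# Constructed sample identity: first, middle, last name and username.
SAMPLE_NAMES = ["Jordan", "Lee", "Rivera", "jrivera"]

if __name__ == "__main__":
    for candidate in ["Tr1ck!est-Gambol", "Riverbank#2024!", "short 1//"]:
        print(candidate, "->", check_password(candidate, SAMPLE_NAMES) or "compliant")
```

Short names make rule b.i strict: a three-letter middle name such as the sample "Lee" rules out every password containing "lee".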

Password Management
a) An individual may change their password at any time provided the password is:
   i) Different than the previous ten (10) passwords used; and,
   ii) Not used more than one (1) time per 12-month period.
b) Passwords must be changed if an account is compromised.
c) Pursuant to the Acceptable Use Policy, passwords must never be left in a location, along with the
username, that can be readily obtained and utilized by another individual to Authenticate to a
University Information System.
d) To prevent compromise of credentials, never use the same password for login to a Framingham State
University account and a personal account.
e) Never share a password with anyone in any way (e.g., email, phone call, electronically via the Internet)
including managers, co-workers, assistants, family members, friends, or the IT Service Desk.
f) If a password is suspected to have been compromised, it must be changed immediately, and the
incident reported to Information Technology Services IT Service Desk.

Details

Article ID: 155060
Created: Thu 10/19/23 5:24 PM
Modified: Thu 10/31/24 3:16 PM

Related Services / Offerings

For general issues logging into any of Framingham State applications.
Most University-owned laptops have a laptop password available for users to install software on their machines.
Microsoft Multi-factor Authentication (MFA) creates an additional layer of security when logging into your Microsoft Office 365 account. This additional security is associated with something in your possession, such as a personal smartphone, that would be unavailable to someone who gained access to your Microsoft Office 365 account.
This service offers faculty and staff access to a secure vault for storing all university passwords.