Password and Authentication Policy

Password and Authentication Policy

 
 password key
 

Introduction

This policy promotes good practice to ensure that University systems and data are only accessed by authorised users. Password rules are automatically enforced where systems support this. Where they can't, this must be documented. Where possible, users should adhere to the password rules, even when a system can't automatically enforce them. Users only have to set up their question page once, ideally before the need to reset their password. Click on the relevant link and log on to access the question page.

Key Points

  • Passwords must be 12 characters or more,
  • Passwords must contain characters from at least three out of the following four categories: Uppercase letters A to Z, Lowercase letters a to z, Numbers 0 to 9 & Special Characters
  • Passwords must not be a single Dictionary Word
  • The previous 8 passwords cannot be re-used,
  • Passwords must not contain the users first name, surname, username, employee or student number
  • Passwords should not be based on easily identifiable information, for example a pets name
  • Six incorrect password attempts will result in a 30 minute lockout of the account.

The Policy Document

The complete policy can be found here (PDF, 166.3KB).

Guidance

Further guidance is currently under development.

The below DTS Help pages for SHU staff only contain further guidance.

Students should contact the IT Service Desk

Sheffield Hallam University website