Passwords
Purpose
This policy describes the requirements for passwords that provide access to Hamilton College computer systems and institutional data. Adherence to this policy will increase the security of information shared by the Hamilton community.
Scope
This policy applies to all faculty, staff and students at Hamilton College and all computer systems (except those excluded below) that have accounts relating to official college business, including both internal and external systems.
Revision History
Approved, December 2014.
What does a good password look like using Hamilton’s password rules?
Your password:
- Is used for your login to the network, HillConnect, and connected systems (e.g., Blackboard, WebAdvisor, My Hamilton, campus wireless network). If you are unsure if the Hamilton system you use is considered a “connected system,” please review our Hamilton Passwords - Systems webpage.
- Should not be used with other non-Hamilton systems, e.g. personal Gmail, personal banking.
- Must not be equal to your current Hamilton password or any Hamilton password used in the past 90 days.
- Must use characters in the Roman alphabet, numbers, or symbols on the US keyboard. Symbols:
! " # $ % & ' () * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ and a space. - Individuals who would like an additional level of security with their HillConnect account can use 2-step verification.
Password or pass phrase?
Consider using a pass phrase: unrelated words, at least four characters long, with mixed capitalization, separated by punctuation or spaces.
- A pass phrase is basically just a series of words, which can include spaces, that you use instead of a single pass “word.”
- Pass phrases should be at least 16 to 25 characters in length (spaces count as characters), but no less. Longer is better because, though pass phrases look simple, the increased length provides so many possible permutations that a standard password-cracking program will not be effective.
- It is always a good thing to disguise that simplicity by throwing in elements of weirdness, nonsense, or randomness as long as you can remember it.
| Length | Complexity | Examples of Acceptable Passwords |
|---|---|---|
| 8-11 | mixed case letters, numbers, and symbols required |
Msb13aTF$ |
| 12-15 | mixed case letters and numbers, required | LeeF7450maKin Aaron1812Burr 2014ClintonHC |
| 16-19 | mixed case letters required | RobertCeramicFether LabradorPoodleMutt DogsRainingManyCats |
| 20+ | no more than 3 repeating characters in a row | icebergskywardsinging my children are the brightest turffieldropescourseoutdoors |
Age (frequency of change)
- Employees are required to change their password annually.
- Students are required to change their password annually.
History (reuse)
- Passwords cannot be reused for 90 days
Lockout
- Accounts will be “locked” after five failed login attempts. Lockout will expire automatically after 5 minutes, or can be manually unlocked using the password management system.
Password Management System
The password management system will:
- enforce the requirements of the password policy
- facilitate changing of passwords
- allow reset of a forgotten password
- unlock accounts
- synchronize passwords changes across connected systems
- send email reminders about expiring passwords
Systems Excluded from the Policy
- Colleague
- the existing policy will continue to be used for Colleague accounts, although this will be revisited once the password management system is in place
- Other accounts used for prospective students, parents, guests and alumni
OTHER HAMILTON PASSWORD WEBPAGES
Comments
Last updated: March 1, 2023
Contact
Team Name
Administrative Services
198 College Hill Road
Clinton, NY 13323
No comments yet.
Comment Guidelines
Please log in to post a comment