Macalester College Password Policy

Purpose

The purpose of this policy is to provide guidance to Macalester College faculty, staff, and students regarding passwords and multi-factor authentication in order to protect individual and College information and resources. The Macalester College network and information systems provide the technical foundation for its academic and administrative missions. Providing secure access to information is imperative to ensuring academic freedom at the institution. Adherence to this policy will help ensure that the college network and information systems are secure and available to authorized users.

Scope

This policy applies to all Macalester College users and associated accounts.

Policy

Macalester account credentials must meet the minimum password complexity standards, multi-factor authentication requirement, and where possible, Information Technology Services (ITS) will technically enforce these standards. Faculty, staff and students must adhere to the minimum standards for all systems and applications that come into contact with College resources.

Password Requirements

• Passwords must be a minimum of 14 characters
• Passwords must have 3 of the 4 requirements:
  • at least 1 uppercase letter (A-Z);
  • at least 1 lowercase letter (a-z);
  • at least 1 number (0-9);
  • at least 1 non-alphanumeric character
• Passwords must be protected by multi-factor authentication
• Passwords must not:
  • contain your name or username
  • be a previously used password
  • be shared with anyone
• It is strongly recommended that:
  • passwords be changed at least once per year
  • password length be in excess of 20 characters
  • avoid commonly used words or phrases
  • a password manager should be used

Enforcement

Any user found to have violated this policy will be subject to revocation of certain privileges or services, including but not limited to loss of user account access.