Purpose

The purpose of this policy is to provide guidance to Macalester College faculty, staff, and students regarding passwords in order to protect individual and College information and resources. The Macalester College network and information systems provide the technical foundation for its academic and administrative missions. Providing open access to information is imperative to ensuring academic freedom at the institution. Adherence to this policy will help ensure that the college network and information systems are secure and available to all.

Scope

This policy applies to all Macalester College users and associated accounts.

Policy

Macalester account credentials must meet the minimum password complexity standards, and where possible, Information Technology Services (ITS) will technically enforce these standards. Faculty, staff and students must adhere to the minimum password standards for all systems and applications that come into contact with College resources.

Password Requirements

  • Passwords must be a minimum of 12 characters
  • Passwords must have 3 of the 4 requirements:
    • at least 1 uppercase letter (A-Z);
    • at least 1 lowercase letter (a-z);
    • at least 1 number (0-9);
    • At least 1 non-alphanumeric character
  • Passwords must not:
    • contain your name or username
    • be a previously used password
    • be shared with anyone
  • It is strongly recommended that:
    • passwords be changed at least once per year
    • password length be in excess of 15 characters
    • avoid commonly used words or phrases
    • a password manager should be used

Self Service Password Reset

How to change your password

  1. Go to 1600grand.macalester.edu.
  2. Enter Macalester Username and Password. Click LOG IN.
  3. From the Macalester menu, select My Account.
  4. Go to Change Password, then click Change Now.
  5. Enter Current Password.
  6. Enter New Password.
  7. Re-enter New Password.
  8. Click UPDATE.

Enforcement

Any user found to have violated this policy will be subject to revocation of certain privileges or services, including but not limited to loss of user account access.

 

January 2020