SSD Password - Guidelines
Use this page when to inform and clarify the SSD password policy, guidelines, and protection.
Purpose
The Special School District provides and maintains computing resources to support business operations, and stores staff and student data. To preserve the integrity, privacy & availability of these computing resources, all users are responsible for adhering to these guidelines. The scope is applicable to all resources owned or operated by the District where passwords are utilized.
Passwords and user IDs are the primary form of user authentication used to grant access to District resources. To ensure that passwords provide as much security as possible, users must create strong passwords and protect them. Without clear standards, system users may potentially create passwords that are easy to guess or steal, allowing illicit access to District resources, thereby compromising the security of those resources. The purpose of this guideline is to establish a standard for creation of strong passwords, the protection of those passwords, and the use and frequency of change.
Guidelines
A Strong Password will:
Be at least 16 characters in length.
Have at least one from all of the following categories:
Uppercase alphabetic characters, e.g. A-Z.
Lowercase alphabetic characters, e.g. a-z.
Numerical character, e.g. 0-9.
Special character, e.g. ~!@#$%^&*()_-+=.
A Strong Password will not:
Spell a word or series of words that can be found in a standard dictionary.
Spell a word with a number added to the beginning and the end.
Be based on any personal information such as user id, family name, or personally identifiable data which includes, but is not limited to, employees' number, social security number, or date of birth.
Protection of Strong Passwords
Passwords are considered sensitive, confidential information and will not be shared with anyone, including co-workers, managers, and Technical Support personnel. The following are general standards for protecting a Strong Password:
Users will individually own passwords and keep them confidential. Users will NOT share passwords under any circumstances. If a user knows or suspects that their password has been shared or compromised, it must be changed immediately.
Users will store passwords in a secure manner. As such, users must not write down passwords or store them in an office or publicly accessible area.
Users will not store passwords in a file on a computer system or mobile devices without encryption.
Users will not use the "Remember Password" feature of applications, e.g. web browsers.
Mobile devices accessing corporate e-mail and calendaring must have a passcode on the device.
Use and Frequency of Change of Strong Passwords
Users will avoid using the same password for accessing District resources as they use for non-District resources. The following are general standards for Use and Frequency of Change of Strong Passwords:
Users will not reuse passwords more frequently than every 18 months. Reuse includes the use of the exact same password with appended or pre-pended sequential characters.
All general user-level passwords must be changed at least every 1 year.