Policies & Procedures

1. LancerNet passwords must:
   1. be at least 15 characters.
   2. meet at least 3 out of the 4 requirements for quality:
      1. at least (1) lower case letter
      2. at least (1) upper case letter
      3. at least (1) number
      4. at least (1) special character (?, *, %, etc.)
   3. be changed, at a minimum, every 120 days.
   4. be unique:
      1. Users should create a different username and password for external services such as personal e-mail, banks, music services, stores, personally owned computers or other systems.
      2. Users should not repeat previous passwords and accordingly an encrypted record of previously used passwords will be maintained.
2. LancerNet passwords must not:
   1. be known or used by others.
      1. Users must never provide their password to anyone.
      2. Users must log off of applications when done using them.
      3. Users must secure workstations when they are away from them. Devices will be subject to lockouts for inactivity.
      4. Users must never use the "Remember Password" feature of any applications.
   2. be all or part of your LancerNetID
   3. be all or part of the IT system's name
   4. be blank
   5. be based on a single dictionary word
   6. contain more than (2) repetitive characters (e.g., Mmmmmmm1, Ab7777777, etc.)
   7. be based on a simple keyboard combination (e.g., Qwerty)

Note: Users must report suspected password compromises.

1. Users must contact the Help Desk if they believe someone has obtained their password.
2. Users must change their password if they suspect it has been compromised.

Approved by the Chief Information Officer, December 2, 2008.