Password Policy

PURPOSE:

Passwords are a common means of authenticating a user’s identity when accessing Jefferson Community College’s network, information systems, and specialized software.  The purpose of this policy is to establish a standard for creation of strong passwords and the protection of those passwords. This policy applies to all authorized users accessing the College’s technology resources regardless of their capacity, role or function.

STATEMENT OF POLICY:

Passwords are an important aspect of computer security and the front line of protection for user accounts and Jefferson Community College’s data and infrastructure.

1. All passwords are to be treated as sensitive, confidential Jefferson Community College information.
2. All users will follow standards and procedures as put forth and communicated by Institutional Technology regarding password criteria and guidelines for length and complexity.
3. Password guidelines will be revised, when necessary, by Institutional Technology.
4. Passwords must be changed if they are believed to be compromised, forgotten, or of insufficient complexity.
   1. Password cracking or guessing may be performed on a periodic or random basis by Institutional Technology or delegates.
5. All login accounts are for the exclusive use of the person for which the account was created. That person is responsible for all use and misuse of each account assigned to them, including the passwords that they establish.
6. It may, at times, be necessary for authorized systems administrators to suspend an individual’s access to College computing resources immediately for violations of this policy pending interim resolution of the situation.  In the case of egregious and continuing violations, suspension of access may be extended until final resolution by the appropriate disciplinary authority.  
7. The President, or designee, is responsible for developing appropriate procedures and implementing this policy.

Board of Trustees
Adopted: Sept. 6, 2023, Res. 174-23