University of Indianapolis Account Password Policy
Responsible Office: Information Technology
Introduction
Passwords are an important part of computer security. They are the first and sometimes last line of defense against would-be criminals. A poorly chosen password or mishandled password can result in a temporary denial of computer services, identity theft, theft of university services and even financial loss. Appropriate password security is necessary to protect the University's academic interactions, business and research.
This policy describes the requirements necessary for creating and maintaining password security on all UIndy Accounts.
Policy Statement
All network devices and accounts must be secured with appropriate usernames and passwords. Whenever possible, systems will use UIndy Accounts stored in a central directory. All UIndy Accounts, including those used by faculty, staff, students, contractors and partners of the University, must be properly secured using the methods described in the following sections of this document.
Creating a Strong Password
The University of Indianapolis requires strong passwords on all UIndy Accounts. The following are characteristics of a strong password:
- Is at least 12 characters in length
- Contains 3 of the following:
  - At least 1 upper case letter
  - At least 1 lower case letter
  - At least 1 number
  - At least 1 special character ( !@#$%^&*()-+?/. )
- Is not a word in any dictionary, English or other
- Does not contain the user’s first or last name
- Does not contain the user’s username
- Cannot be the same as any of the last six passwords used
Vendor Supplied Defaults
Vendor supplied default passwords must be changed upon implementation for all systems and services hosted by the University or hosted by a contracted third party.
Password Reuse
UIndy Account passwords must be unique and not be reused on any other websites.
Password Change Frequency
Following best practice recommendations published by NIST, Microsoft, and others, the University of Indianapolis does not require periodic password changes for most faculty, staff and students. However, if a password is suspected of being compromised, immediate password change is required. IT Administrators must change their passwords every 6 months.
Password Storage
Choose passwords that are easy to remember so that it is not necessary to write them on any piece of paper. A password written on a post-it note is as good as no password at all. Similarly, spreadsheets are not an acceptable place to store UIndy Account passwords and the practice is strictly prohibited. Passwords may be stored in a secure password manager such as LastPass, Google Password Manager, or KeePass.
Password Confidentiality
Never tell another person your UIndy Account password. Your UIndy Account password should be kept completely confidential. Supervisors, coworkers, friends and family should never know your password. Likewise, it is inappropriate to ask another user for their UIndy password. If a person demands your password, refer the person to this document and/or contact the Director of Network, Systems, and Security in Information Technology.
Periodic Scans
University of Indianapolis Information Technology will periodically employ password cracking techniques to determine the effectiveness of this password policy. Any passwords found to be weak during these scans will be immediately changed and the user notified.
Password Hash or Encryption
All University computer systems must store passwords in a hashed or encrypted form.
Compromised Accounts
If you suspect that a UIndy Account has been compromised, change your password immediately and report it to the Information Technology Help Desk. Accounts that have been compromised will immediately have their password changed to prevent further exploitation.
Policy history
v1.0 - 12/20/2018
v1.1 - 4/1/2025 - Updated to remove required periodic password changes, increase minimum character length to 12, recommendations for password storage, other minor changes.