Password Policy

Password Policy

Purpose
Usernames and passwords are an important aspect of the University’s computer security. A poorly chosen password may result in the compromise of University of St. Francis’s entire network. The purpose of having a password policy is to ensure a more consistent measure of security for USF’s network and the information it contains. The implementation of this policy will better safeguard the personal and confidential information of all individuals and organizations affiliated, associated, or employed by the University of St. Francis. Additionally, this policy establishes a standard for creation of passwords, the protection of those passwords, and the frequency of change of passwords.

Policy:
The University of St. Francis provides a user account and access to several applications on the network through an Internet browser and portal. Users will be required to follow the password policies listed below.

  • All university owned electronic devices must, if possible, have password protection enabled.
  • All passwords must be changed every year.
  • Individual passwords must not be shared with anyone.
  • Passwords should not be written down or stored electronically without encryption.
  • Do not save your password: Automated password saving tools shall not be used to save and store personal passwords. Some applications offer to save your passwords such as your web browser and Microsoft Access and Excel. Always say ‘No’ when prompted to save a password.
  • Employees are expected to log out of any IT service (e.g., MyUSF Portal, Outlook, Banner, Canvas, etc) when you are finished using the service or when you step away from your computer. Alternatively, you may lock or shutdown your computer, or physically prevent access to your computer if you need to leave it logged in by locking your office.
  • All passwords must be at least 12 characters long. We recommend that your password contains at least 2 numbers or special characters, not be a word in the dictionary, and not be part of your name or user name. If the device or application does not permit a password to meet these criteria, the password should satisfy as many of these criteria as possible.
  • It is against university policy to share your password with anyone or to allow some else to access the university network using your username and password. If you need access to another person’s area or account because of your position than you need to contact IT so arrangements can be made for this type of access.