The Official Web site for the Office of Information Technology - UTSA


Copyright (c) 2010. The University of Texas at San Antonio. All rights reserved.

Password Standard

Passwords are a critical component of computer security, providing front-line protection for electronic resources by preventing unauthorized access. Passwords are required for all University computing devices that are connected to the network.

A poorly chosen password may result in significant compromise of the UTSA network and data. Thus, everyone who has access to, or an account in, UTSA’s network space is responsible for taking the appropriate steps to strengthen and secure their passwords.

A department and/or system administrator may implement a more restrictive policy on local systems where it is deemed appropriate or necessary for the security of confidential data.

Protecting Passwords

  • Passwords shall never be shared with anyone, including supervisors, co-workers, or OIT personnel, and shall not be included in email messages.

  • The display and printing of passwords must be suppressed.

  • Stored passwords must be encrypted.

  • Passwords shall be treated as confidential information (Category 1).

Guideline for Construction of Passwords

UTSA requires that any system employing user authentication via passwords be configured to enforce a set of password rules that pass Level 2 Assurance as calculated by the password test located at http://www.idmanagement.gov/documents/CommonCAP.xls (after opening the spreadsheet, click "Options" and select "Enable the content").

 

An example acceptable configuration would implement the following password guidelines:

  • Contain both upper- and lower-case characters

  • Have digits and punctuation characters as well as letters (e.g., $.*.!,+)

  • Are at least eight characters long

  • Are not a word or acronym found in any dictionary

  • Are not based on personal information, names of family, birthdates, etc.

Another suggestion to ensure that your password follows the standard is to create a passphrase of 15 characters or more.
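The example configuration and the passphrase suggestion above can be expressed as a single check. The following is an added illustration, not UTSA's code: the function names, the small word list and the sample account holder are constructed, and accepting a passphrase of 15 or more characters without the character-class rules is an assumption about how the suggestion is meant to apply.

```python
import string

# Constructed sample data: a real deployment would load a full dictionary
# and the account holder's directory attributes instead.
DICTIONARY = {"password", "welcome", "roadrunner", "security", "letmein"}
MIN_LENGTH = 8          # "at least eight characters long"
PASSPHRASE_LENGTH = 15  # "a passphrase of 15 characters or more"

def _letters_only(text):
    """Lower-case the text and drop everything that is not a letter."""
    return "".join(ch for ch in text.lower() if ch.isalpha())

def check_password(candidate, personal_info=()):
    """Return a list of guideline violations; an empty list means acceptable."""
    problems = []
    # Compare on letters only so "Password1!" still matches "password".
    core = _letters_only(candidate)
    if core in DICTIONARY:
        problems.append("is a dictionary word")
    for item in personal_info:
        token = _letters_only(item)
        # Ignore very short tokens to avoid matching initials by accident.
        if len(token) >= 3 and token in core:
            problems.append("is based on personal information")
            break
    # Assumption: a passphrase of 15+ characters is accepted without the
    # character-class rules, following the page's passphrase suggestion.
    if len(candidate) >= PASSPHRASE_LENGTH:
        return problems
    if len(candidate) < MIN_LENGTH:
        problems.append("is shorter than eight characters")
    if not (any(c.islower() for c in candidate) and any(c.isupper() for c in candidate)):
        problems.append("lacks mixed upper- and lower-case letters")
    if not any(c.isdigit() for c in candidate):
        problems.append("lacks a digit")
    if not any(c in string.punctuation for c in candidate):
        problems.append("lacks a punctuation character")
    return problems

if __name__ == "__main__":
    user = ("Jordan", "Rivera")  # constructed account holder (names only)
    for pw in ("Password1!", "jordan87", "t4Ble!Lamp9", "correct horse battery staple"):
        print(repr(pw), check_password(pw, user) or "acceptable")
```

Birthdates and other numeric personal data are not matched by the letters-only comparison and would need their own normalization.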

If you suspect that a password or account has been compromised, report this to the Office of Information Security (ext. 5555) immediately and change all passwords.

References for This Standard:

UT System Information Resources Use and Security Policy, Section 18

Last Revision:

October 7, 2010
