What is a password/passphrase?
Password/Passphrases are not the same as passwords. A password/passphrase is a longer version of a password and is, therefore, more secure. A password/passphrase is typically composed of multiple words. Because of this, a password/passphrase is more secure against "dictionary attacks."
A good password/passphrase is relatively long and contains a combination of upper and lowercase letters and numeric and punctuation characters. An example of a good password/passphrase is d0gsareMybestfr!3nds.
Password/passphrases have been implemented to simplify the user experience and ensure the security of personal data and college resources.
Why is a strong password/passphrase important?
Password/Passphrases are an important aspect of computer security. A poorly chosen password/passphrase may result in unauthorized access and/or exploitation of Hawkeye Community College's resources.
All users, including contractors and vendors with access to Hawkeye Community College systems, are responsible for taking the appropriate steps, as outlined below, to select and secure their password/passphrase.
Password/Passphrase Construction Guidelines
All user-level and system-level passwords must conform to the Password/Passphrase Construction Guidelines:
-
Users must not use the same password for their Hawkeye accounts as for other non-Hawkeye accounts such as personal email, banking, etc.
-
Where possible, users must not use the same password/passphrase for various Hawkeye access needs.
-
User accounts that have system-level privileges granted through group memberships or programs must have a unique password/passphrase from all other accounts held by that user to access system-level privileges.
Creating your Password/Passphrase
Password/Passphrases must:
-
Conform to the Password/Passphrase Construction Guidelines.
-
Contain a minimum number of characters. The longer your password/passphrase, the better!
- Students: Password/passphrase must contain at least 8 characters.
- Faculty and Staff: Password/passphrase must contain at least 12 characters.
-
Not be based on dictionary words/common names.
-
Contain characters from three of the following four character classes:
- Upper Alphabetic (A–Z)
- Lower Alphabetic (a–z)
- Numeric (0–9)
- Punctuation and other characters (!@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
Protecting your Password/Passphrase
All password/passphrases must be treated as sensitive, confidential, Hawkeye Community College information.
-
Do not share password/passphrases with anyone including administrative assistants, secretaries, managers, co-workers while on vacation, family members, etc.
-
Do not write password/passphrases down and store them anywhere in your office.
-
Do not store password/passphrases in a file on a computer system or mobile devices without encryption.
-
Do not use the "Remember Password" feature of applications (for example, web browsers).
-
Do not reveal your password/passphrase to anyone, anywhere including:
- Over the phone to anyone.
- In an email message or other form of electronic communication.
- On questionnaires or security forms.
-
Do not hint at the format of a password/passphrase (for example, "my family name").
If you suspect that your password/passphrase may have been compromised, you must report the incident to the Chief Information Officer and change all password/passphrases immediately.
Password/Passphrase Expiration
Students: Password/passphrase will expire after 4 months (120 days).
Faculty and staff: Password/passphrase will expire after 12 months.
Password/Passphrases History
To prevent recycling password/passphrase:
- Eight password/passphrase changes are required before reusing a previous password/passphrase.
- Users may change their password/passphrase once a day.
Lockout
Users will be locked out of their Hawkeye accounts after six failed attempts to login.
To regain access, contact Communication and Information Services (CIS) for assistance.
Password/Passphrase Cracking or Guessing
Password/passphrase cracking or guessing may be performed on a periodic or random basis by the Communication and Information Services (CIS) team or its delegates. If a password/passphrase is guessed or cracked during one of these scans, the user will be required to change it to comply with the Password/Passphrase Construction Guidelines.