Navigation Bar IT Admin Ed Tech Library IT Services
Information Technology
Information Technology Services Home Password Security Policy
Information Technology Services
   
   
Common Links
Request Assistance
Online
   
GroupWise Web Access
   
Moving Equipment
Checklist
   
Latest Tech Tip
   

 

New passwords will be provided, and existing passwords will be released, only when the identity of the requester can be clearly established.

Background
Definitions
Exemptions
Procedures
Password Guidelines
Contact Information


Background

The University of Kansas Medical Center provides access to network, electronic mail and voice mail resources to its students, faculty, and staff, in support of the University's mission of teaching, research, and public service. Passwords are assigned for access to each of these resources to authenticate a user's identity, to protect network users, and to provide security.

Password protection is one of the most important principles of network, e-mail and voice mail security. The purpose of this policy is to outline the procedures used by authorized staff to change or reveal an existing password to users who have compromised or forgotten their authorized password to the University's network, e-mail or voice mail resources. The resources covered by this policy include, but are not limited to, the University's network (via campus or remote access), e-mail and voice mail systems.

Although the University strives to manage a secure computing and networking environment, the University cannot guarantee the confidentiality or security of network, e-mail or voice mail passwords from unauthorized disclosure.

Back to Top Top

Definitions

PASSWORD
 Authorized individual password assigned by the University of Kansas School of Medicine-Wichita's Information Technology Services department for access to its network, e-mail and voice mail resources.

UNIVERSITY
The term 'the University' means the University of Kansas Medical Center.

USER
Anyone who holds a valid account on the University's network, e-mail and/or voice mail systems.

Back to Top Top

Exemptions

Everyone who holds, or wishes to acquire, a valid account on the University's network, e-mail and/or voice mail systems is covered by this policy. This policy covers users on the Wichita campus as well as users who access these systems from an off-campus location. There are no exemptions.

Back to Top Top

Procedures

I. Password request procedures.

Procedures for processing password requests strive to balance security requirements and user convenience. These procedures will be followed by the staff of IT Services for all password requests for access to the University's network, e-mail or voice mail resources. (Including new, changed, or forgotten passwords.)

1. Under no circumstances will existing passwords be revealed by telephone.
2. Under no circumstances will new passwords be provided by telephone.
3. Information Technology Services staff will be pleased to handle requests made in one of the following ways:

  • Requests may be made in person at Information Technology Services [B001] during normal business hours. Photo identification is required.
  • Requests may be faxed to Information Technology Services at 316-293-1888 at any time, but they will be handled during normal business hours. The fax must include photo identification and signature.
  • New account requests may be submitted via web form. New account requests must be verified by the employee's supervisor.

4. Confirmation will be given to user by phone, e-mail, or alphanumeric page when a password change is completed.
5. A network manager must approve any password change requested by a user's supervisor. Confirmation will be sent to user when a password change is completed at the request of a supervisor.


II. Password Protection Responsibilities

System administrators and users assume the following responsibilities:

  • System administrator must protect confidentiality of user's password.
  • User must manage passwords according to the Password Guidelines
  • User is responsible for all actions and functions performed by his/her account.
  • Suspected password compromise must be reported to IT Services immediately.

Back to Top Top

Password Guidelines

Password are required to meet the following criteria:

  • Password must be 8 to 25 characters in length
  • At least one UPPERCASE letter character (A, B, C, etc.)
  • At least one lowercase letter character (a, b, c, etc.)
  • At least one numeric digit (1, 2, 3 etc.)
  • At least one special character (_-+=)(*&\}]{[. ,><?/ etc.)

Select a Wise Password

  • Do not use any part of the account identifier (username, login ID, etc.).
  • Do not use a proper name or any word in the dictionary without altering it in some way.

A password is harder to crack if you utilize several of these selection techniques:

  • Use a mix of alpha and numeric characters
  • Use 8 or more characters.
  • Use mixed case.
  • Use two or three short words that are unrelated.
  • Deliberately misspell words.
  • Take the first letter from each word of a phrase.

Keep Your Password Safe

  • Do not tell your password to anyone.
  • Do not let anyone observe you entering your password.
  • Do not display your password in your work area or any other highly visible place.
  • Change your password periodically (every 60 days is recommended).
  • Do not reuse old passwords.

Additional Security Practices

  • Ensure your workstation is reasonably secure in your absence from your office. Consider using a password-protected screen saver or logging off when you leave the room.

 

Contact Information

For information on this policy, please contact IT Services.

Back to Top Top

 
IT> Information Technology Services> Policies > Password Security Policy

KU School of Medicine-Wichita Home

Page last updated: March 5, 2007
For more information contact: Information Technology Services
For site development questions and comments, contact: The Web Development Unit
Copyright © 2001-2006, The University of Kansas School of Medicine - Wichita