Approved by the Board of Trustees of the Rockland Community College on April 30, 2020

This Passwords Policy (“Policy”) applies to all Authorized Users accessing the College’s Technology Resources regardless of their capacity, role or function including, but not limited to, students, faculty, staff, third party contractors, visitors (guests), consultants, and employees fulfilling temporary or part-time roles

The purpose of this Policy is to establish a standard for creation of strong passwords and the protection of those passwords. It is the policy of Rockland Community College that anyone who has been issued authentication credentials for an account on any Technology Resource system, has access to the Rockland Community College network, or stores any non-public Institutional Data adhere to the password policy guidelines set forth in this Policy. At no time should an Authorized User grant access to the user’s account by providing someone else the password.

Passwords are an important aspect of computer security. A poorly chosen password may result in the compromise of RCC’s entire network. The purpose of having a password policy is to ensure a more consistent measure of security for RCC’s network and the information it contains. The implementation of this policy will better safeguard Institutional Data. Additionally, this policy establishes a standard for creation of strong passwords, and the protection of those passwords. Accordingly, RCC has established the following guidelines regarding the use of passwords:

Generating Passwords:

All passwords must be of sufficient length and complexity to make it very difficult to guess or crack.  The current criteria for a complex password will be maintained by ITS and communicated to users as they create passwords. Passwords will only need to be changed if they are believed to be compromised or forgotten.

Protecting Passwords:

All passwords are to be treated as sensitive, confidential Rockland Community College information. Here is a list of “don’ts”:

  • Do not use the same password for College accounts as for other non-College accounts (e.g., personal ISP account, option trading, benefits, etc.);
  • Do not share Rockland Community College passwords with anyone, including administrative assistants or secretaries;
  • Don’t reveal a password over the phone to ANYONE;
  • Don’t reveal a password in an email message;
  • Don’t talk about a password in front of others;
  • Don’t hint at the format of a password (e.g., “my family name”);
  • Don’t reveal a password on questionnaires or security forms;
  • Don’t share a password with family members;
  • Don’t use the “Remember Password” feature of applications (e.g., Firefox, Thunderbird.);
  • Don’t store passwords in a file on any computer system without encryption;
  • If an account or password is suspected to have been compromised, report the incident to the ITS Help Desk and change all passwords; and
  • Password cracking or guessing may be performed on a periodic or random basis by ITS or its delegates. If a password is guessed or cracked during one of these scans, the Authorized User will be notified and required to change it.

Enforcement:

Individuals violating this Policy may have their account either suspended or terminated given the severity of the offense. Refer to the enforcement section of the College’s Acceptable Use Policy for additional information.

Revised April 7, 2022