Password Policy - Standard Accounts - Non Admin

Why Do We Need This?

Passwords are the main line of defense protecting access to sensitive information. Ensuring that the passwords you create for your bank accounts, email, and other resources are strong is key to preventing unauthorized access to your information. Below are some of the key reasons for having a password policy.

  • Prevent weak passwords
  • Prevent unsafe password practices
  • Protect against unauthorized access
  • Improve SUNY Cobleskill's security posture
  • Protect your information from unauthorized access
  • Prevent theft of personal and general data

Who Does This Apply To?

Any SUNY Cobleskill email account holder

Policy

Password Creation and Complexity

  • Passwords should be a minimum of 8 characters long.
    • Should not contain easily guessable words/phrases. Examples:
      • spring2021, fall 2023, birthdate, your name, etc.
    • Should be unique and not be reused from any other account
    • Should contain an uppercase letter, a lowercase letter, and a number
      • Optionally may contain a special character
    • Passwords must not contain dictionary words, usernames, personal information, or easily guessable patterns.
  • Length is recommended over complexity
    • "This12ismy34Password" is a lot better than "Password123" (not that you should use either of those examples)
  • When creating a password, try to make it memorable: something that is unique to you and that no one else would guess. If your favorite food is milkshakes and fries, maybe your password can be something like "MintMilk15potatostrings43". This makes the password memorable but also more complex and unique, so that someone who knew your favorite food still wouldn't be able to easily guess it.
  • Spend some time thinking of a password to use and where to place your numbers and phrases. The more time you spend curating a password, the better you will remember it.
    • Open a new Notepad or Word document and try typing your password in a variety of different ways to see what is easy to remember. Once you are done, delete the entries and close the document without saving.
    • Once you are satisfied, try typing it multiple times to ingrain it in your memory.
  • Humans remember by association

Password Management

  • Passwords must be changed at least every 180 days.
  • Passwords should not be stored in plain text, physically or digitally.
  • Storing passwords in a secured, encrypted password manager is recommended for ease of use.
  • Your Cobleskill account password should not be shared with anyone other than yourself.

Account Lockouts and Password Recovery:

General Guidance

  • Adding MFA to a strong password adds another layer of security that makes it harder for attackers to get into an account should your password be compromised.
    • This does not mean you should use a weak password simply because you have MFA enabled. MFA fatigue attacks can bypass MFA. (Google "MFA fatigue")
  • If Information Security suspects that your password is compromised, you will be asked to change your password as a security precaution.
  • If you click on a suspected phishing link, you will be asked to change your password as a security precaution.

Questions?

If you have any questions or comments, feel free to comment below or contact the Service Desk at 518-255-5800.

Details

Article ID: 11071
Created: Fri 3/22/24 11:28 AM
Modified: Wed 5/1/24 11:07 AM