Access to the university network and systems
Data and systems must be protected against unauthorized access. This is of course especially important when handling confidential or sensitive data, but also ordinary machines and systems must be protected so that only the right people can access the data.
The most common protection mechanism is user names and passwords, and the commonest way to a compromise data protection is weak or leaked passwords. As a user of the University's IT systems you must comply with some very simple rules for passwords.
Passwords must be strong
You must ensure that your password can not be guessed easily. Some systems will automatically ensure that certain minimum requirements are met, on others you must choose something sensible yourself.
The following rules apply:
- A password must contain at least eight characters. Longer passwords may be required for privileged access, for access to sensitive information or to mission-critical systems.
- A password must contain combinations of at least three of the following categories: uppercase letters, lowercase letters, numbers and special characters.
- Do not use user names or dates as part of a password.
- A password must be changed after a maximum of 180 days.
A password is strictly personal
- Never give out your password to anyone. Not to your colleagues, not to your friends, not to your family.
- If someone sends you an e-mail asking for your password then delete the mail.
- If someone sends you a password via e-mail then login and change the password immediately.
- If you need a new password then contact your local IT support.