DIVISION: Finance and Administration
UNIT: Administrative Information Technology
APPLICABILITY: Northern Michigan University students, faculty and staff
The University is committed to providing a secure information technology environment and protecting the data of its students, faculty and staff. The purpose of this policy is to establish standards for creating and maintaining strong network and database passwords and the frequency for changing them.
The Information Technology department has taken steps to ensure the security of its systems by using authentication, encryption, and other generally accepted security standards. To access secured systems, users are required to be authenticated i.e., to supply a password that only they know, verifying that they are who they say they are. Encryption is done to prevent password sniffing, the practice of capturing someone’s password as they are logging into a system. At NMU, passwords are encrypted as they travel across the network and when they are stored in a file. As a further means of protecting data, passwords must be of sufficient complexity and length to prevent password cracking, methods hackers use to gain access to a network or system, often by using software or knowledge of passwords on outside systems to guess passwords.
Passwords are used to access systems at Northern Michigan University including My.NMU, email and the university’s main administrative system, Banner. All users of University network and database systems have a responsibility to comply with policy, guidelines, and ethical standards. Users must never give or share their password with others. Users must also understand that the IT department will never request password information over the telephone, by e-mail or in person. In addition, no NMU employee, faculty, staff or student should request any other person’s password by telephone, e-mail or in person.
When creating or changing a network or database password the following rules will be enforced to ensure the proper level of password security:
INITIATING DEPARTMENT: Administrative Information Technology, (906) 227-2410
Approved by the NMU President’s Council
April 21, 2010