Information Technology Reminder: paSs1w7ords
Posted by Jackie Stephenson on Sep 01, 2015
According to Wikipedia, “a password is a word or string of characters used for user authentication to prove identity or to gain access to a resource, which should be kept secret.” Passwords can be considered “a key” that allows authorized individuals to access all data required for them to perform their job, and is also the key that provides protection to this same data. This data can include PPI, PCI, and FERPA information--critical and sensitive data that both ChSCC and you are required to protect by law.
Per ITS Policy 08:13:05 Computer Passwords, all user access must be authenticated. Authentication is the means of ensuring the validity of the user identification. The minimum means of authentication for ChSCC is a personal secret password that the user must provide with each system and/or application logon. All passwords used to access information assets must conform to certain requirements relating to password composition, length, expiration, and confidentiality. (See ChSCC ITS Policy 08:13 for specific password requirements. https://itservices.chattanoogastate.edu/content/081300-computer-passwords.)
So, who is responsible for keeping these passwords secure? The answer: all of us! This means that all students, staff (including contractors and student workers), faculty, and adjuncts have the same responsibility. All users are responsible for ensuring their passwords remain secret from anyone else. Failure to do so can result in data breaches. (See ChSCC ITS Policy 08:13 for information. https://itservices.chattanoogastate.edu/content/081300-computer-passwords.)
ITS Policy 08:13:05 states: “All users, (students, faculty, staff, adjuncts, contractors and vendors, etc.), that require computer access will be provided an individual user-id and password. Requirements for audit purposes require that actions taken on a computer system must be able to be traced back to a specific user-id, so users are responsible for any action taken by their user-id.” So, what does that mean exactly?
It means that system logs are maintained in order to provide history of who (by user-id) entered a system and what action was taken by that user-id. The logs don’t know if the user that owns that user-id logged in, or if someone who “borrowed” the password logged in. So what’s the one action to ensure you keep your password secure? Don’t share your user-id and password with anyone for any reason. Don’t ever share with family members or your significant other, and don’t ever allow student workers/contractors to use staff user-ids and passwords. Anyone that requires access to a ChSCC system can be granted their own user-id and password. Supervisors can submit an ITS work order with the request.
Please contact ITS or review ChSCC ITS Policy 08:13 Computer Passwords and ChSCC IT Policy 08:14 Technology Responsible Use if you have any questions or need further guidance. (For further guidance, please see TBR G-051 Password Management. (https://policies.tbr.edu/guidelines/password-management.)