NIC Policy 3.08.05 User Authentication Guidelines

Creating a secure password/passphrase

Passwords and passphrases are used to restrict access to systems, software applications, and data.  Some of the more common uses of passwords/passphrases include user-level accounts, web accounts, e-mail accounts, screen savers, voicemail, and mobile devices.

When selecting a password/passphrase, users should remember that the longer and stronger the password/passphrase, the more likely it will not be compromised.  Passwords and passphrases must be 8 characters or longer.  Longer passwords are more secure in nature than shorter ones.  Some systems may have limitations on the number of characters allowed but at a minimum you must use 8 character passwords.

Passwords and Passphrases must contain characters from three of the following four categories:

·         English uppercase characters (A – Z)

·         English lowercase characters (a – z)

·         Base 10 digits (0 – 9)

·         Non-alphanumeric (For example: !, $, #, or %)

Passwords and Passphrases must not contain your first name, last name, Colleague ID, or username.  You should also avoid common dictionary words, relative names, pet names or other information that could be easily obtained by others via common knowledge or social media.

Passwords and Passphrases must be changed every 365 days.

North Idaho College strongly encourages users to create passphrases over passwords as they tend to be longer in nature and easier to remember.  A passphrase is not the same as a password in that they are a longer version of a password.  A passphrase is typically composed of multiple words.  Because of this, they are considered more secure against “dictionary attacks”.  A good passphrase is relatively long and contains a combination of upper and lowercase letters and numeric and punctuation characters.

            Example of creating a passphrase:

            The phrase “Were off to see the wizard, the wonderful wizard of Oz” can be converted to:
            Wereofftoseethewizard!ThewonderfulWizardofOz!

            Or it may be shortened to:

            WotstwTwwoO

            You can then replace some letters with numbers:

            W0tstwTww0O  OR Were0fft0Seethewizard!Thew0nderfulWizzardof0z!

            And then add punctuation to the passphrase to add the special character requirement:

            W0tstwTww00!

            Optional:  You can add even more special characters to divide the passphrase:

            (W_0_t_s_t_w)-(T_w_w_0_O_)!  OR (W0tstw)(Tww0O)!

Protecting your password/passphrase

The following items should be considered to protect your password/passphrase:

·         Do not use the same password/passphrase for your North Idaho College account that you use for personal or other non-NIC access (e.g., personal e-mail, online banking, and social media accounts).

·         Do not share your NIC password/passphrase with anyone, including administrative assistants or secretaries.  All passwords/passphrases should be treated as sensitive and confidential at all times.

·         Do not reveal your password/passphrase to anyone over the phone.

·         Do not reveal your password/passphrase in an email message.

·         Do not talk about your password/passphrase in front of others.

·         Do not hint at your password/passphrase (e.g., my family name or pet).

·         Do not share your password/passphrase with family members or loved ones.

·         Be aware of phishing scams and emails that ask for your account credentials.

·         Do not write your password/passphrase down where others may find it.

If you suspect that your password/passphrase has been compromised, change it immediately and contact the NIC helpdesk to report it.

Please remember, the information technology department at NIC will never ask you for your password via email, online, or by phone.

100% helpful - 1 review