Password Policy


Effective: 8/1/24
Contact:
Chief Information Security Officer / Chief Information Security Officer

This password policy document applies to any account utilized for official William Jewell College business or operations, encompassing all systems and platforms where your William Jewell College email serves as a registration credential or where any data associated with William Jewell College is stored. Whether accessing academic resources, administrative tools, or communication platforms, this policy ensures uniformity and rigor in password management practices across our digital ecosystem. By adhering to these guidelines, you not only safeguard sensitive information but also uphold the integrity and security standards of William Jewell College.

Password Complexity Requirements

  • Passwords must be at least 12 characters long.
  • Passwords must contain a combination of upper and lower case letters, numbers, and special characters (!, @, #, $, %, etc.).
  • Passwords must not contain easily guessable information such as names, birthdates, or common words.

Password Management

  • Do not share passwords with anyone, including IT staff. IT staff will never ask for your password.
  • Never write down passwords where they can be easily accessed or seen by others.
  • If you suspect your password has been compromised, change it immediately. Password

Change Frequency
All faculty and staff are required to change their passwords every six (6) months. This helps to mitigate the risk of unauthorized access to sensitive information.

Password Storage
Utilization of Password Management System: All faculty and staff are required to utilize the password management system "Dashlane" for the secure storage and management of passwords tied to William Jewell College accounts. Dashlane provides a robust platform for securely storing and generating complex passwords, facilitating seamless access to various systems and platforms while maintaining the highest standards of security. By utilizing Dashlane, individuals can enhance password security, streamline password management practices, and mitigate the risk of unauthorized access to William Jewell College accounts. It is imperative that all passwords associated with William Jewell College accounts be stored exclusively within Dashlane to ensure compliance with our security protocols and safeguard sensitive information.

Multi-Factor Authentication (MFA)
When available, please enable MFA controls on any third-party application’s log-in associated with your William Jewell College email or accounts used for official William Jewell College business. If the third-party application does not utilize multi-factor authentication to access the tool, the user may submit a help ticket to Information Technology (IT) who will review and advise the user on the proposed tool’s use and appropriate safeguards. Third party tools which do not provide MFA are not prohibited from use, however, the user is responsible for reviewing the thirdparty application’s terms of use to ensure proper security safeguards are applied to any William Jewell College data which may be shared with the third-party application.

Account Lockout
Accounts will be temporarily locked after a specified number of failed login attempts to prevent brute force attacks. Contact IT support to unlock your account if necessary.

Reporting Security Incidents
Report any suspected security incidents or unauthorized access to Information Security immediately by contacting infosec@william.jewell.edu.

Training and Awareness
Faculty and staff will receive regular (mandatory) training and updates on security best practices to ensure compliance with this policy and must be completed within stated deadlines.

Password Expiration
Passwords will expire automatically after six months. Users will be prompted to change their password upon expiration.

Password Reuse
Do not reuse old passwords when creating a new one.

Remote Access
When accessing college systems remotely, ensure you are using a secure connection via a Virtual Private Network (VPN) and avoid using public Wi-Fi networks whenever possible.

Responsibility
It is the responsibility of each faculty and staff member to adhere to this policy and maintain the security of their accounts and the college's data. Enforcement of this policy is managed collectively by Information Technology (IT) and Information Security (InfoSec).

Policy Review
This policy will be reviewed annually and updated as necessary to address emerging security threats and technologies.

Failure to comply with this policy may result in disciplinary action, up to and including termination of employment.