Purpose
The purpose of this policy is to establish guidelines and standards for creating, managing, and protecting passwords to ensure the confidentiality, integrity, and availability of SWOSU's data and systems.
Scope
This policy applies to all users, including faculty, staff, and students, who have access to SWOSU resources and systems.
Statement
SWOSU is committed to maintaining a secure environment by implementing password standards and guidelines to safeguard our data and systems.
Policy
1. Policy Overview
1.1. Passwords are a fundamental component of information security at Southwestern Oklahoma State University (SWOSU). This policy outlines the standards and guidelines for creating, managing, and protecting passwords to ensure the confidentiality, integrity, and availability of SWOSU's data and systems.
2. Password Change Requirements
2.1. All passwords, including those for email, web, desktop computer, and other systems, must be changed every six months.
2.2. Passwords must not be inserted into email messages or other forms of electronic communication.
3. Password Guidelines
A. General Password Construction Guidelines
3.1. Users are expected to select strong passwords.
3.2. Weak passwords exhibit the following characteristics:
3.3. Strong passwords exhibit the following characteristics:
- Incorporate digits and punctuation characters, as well as letters (e.g., 0-9, !@#$%^&*()_+|-=`{}[]:";'<>?,./).
- Do not rely on personal information, part of the username, part of any email address, or names of family members.
3.4. Passwords should never be written down or remembered in web browsers. Users are encouraged to use a password manager to store passwords securely. Users are encouraged to create memorable passwords, such as those based on song titles, affirmations, or phrases.
B. Password Protection Standards
3.5. Users must avoid using the same password for SWOSU accounts as for other non-SWOSU access, such as personal ISP accounts, external services, etc.
3.6. Users must refrain from:
- Sharing a password with anyone, at any time, including supervisors, co-workers, colleagues, or other students.
3.7. Passwords are required to be changed once every six months. The recommended change interval is every four months.
3.8. If an account or password is suspected to have been compromised, users must report the incident to SWOSU ITS and change all relevant passwords as soon as possible.
3.9. If someone demands a password, they should be referred to this policy or directed to contact the SWOSU Information Technology Service (ITS) department.
C. Forgotten Passwords
3.9. Users may occasionally forget their password. In such cases, users can contact the SWOSU Help Desk for a password reset. To verify their identity, users must provide the necessary information as requested by the Help Desk staff.
Enforcement
Individuals who violate this policy may be subject to disciplinary action based on the associated handbooks. When appropriate, SWOSU may restrict a violator's access to SWOSU resources pending further investigation of a possible violation of this policy. Individuals who violate security policies, standards, or security procedures are subject to disciplinary action up to and including dismissal, and may also be subject to criminal or civil legal action.
Incident Reporting
Violations of this policy should be reported to the SWOSU ITS Helpdesk via phone at (580) 774-7070 or via email at helpdesk@swosu.edu.
Policy Review
The ITS Operations Administrator is responsible for reviewing and updating this policy at least annually.
Revision & Approval History
| Date of Change | Version | Responsible | Summary of Change | Date Approved | Approved By |
|---|---|---|---|---|---|
| 11/02/2023 | 1 | ITS | Created as policy | 6/26/2025 | ECC |