Managing Your Passwords
Password Construction Guidelines
Passwords are used to access any number of university systems, including the network, e-mail, the Web, and voicemail. Less than secure passwords are easily cracked, and put the entire system at risk. All passwords should conform to the guidelines outlined below.
- Passwords must contain at least 8 characters.
- Passwords must contain at least 1 numerical character (e.g., 0-9) or 1 special characters (e.g., &, !, *, +).
- Passwords should not be based on well-known or easily accessible personal information.
- Passwords should not be based on a user’s personal information or that of his or her friends, family members, or pets. Personal information includes BVU Net I.D., name, birthday, address, phone number, social security number, or any permutations thereof.
- Passwords should contain uppercase letters (e.g. N) and lowercase letters (e.g. t).
- Passwords should not be words that can be found in a standard dictionary (English or foreign) or are publicly known slang or jargon.
- Try to create a password that is also easy to remember.
- The use of so-called "first-character" passwords makes it easy to comply with these guidelines. To do this, compose an easily-remembered sentence (for example, "I have worked here for 2 years") then use the first character of each word to form the password; with adding a symbol for added security, that is "Ihwhf2y$". Such a password need not be written down, and almost certainly cannot be guessed.
Password Protection Guidelines
- Passwords should be treated as confidential information.
- If someone demands your password, refer them to this policy or have them contact the Information Services Department.
- Passwords should not be transmitted electronically over the unprotected Internet, such as via e-mail. However, passwords may be used to gain remote access to university resources via BVU’s Virtual Private Network (VPN).
- You should not keep an unsecured written record of your passwords, either on paper or in an electronic file. If it proves necessary to keep a record of a password, then it must be kept in a controlled access safe if in hardcopy form or in an encrypted file if in electronic form.
- Please do not use the "Remember Password" feature of applications.
- Passwords used to gain access to university systems should not be used as passwords to access non-university accounts or information. For example, you should not use the same password for your online banking tool as your university email account.
- You should not use the same password to access multiple university systems. For example using the same password for mission critical systems is discouraged.
- If an employee either knows or suspects that his/her password has been compromised, it must be reported to the Information Services Department and the password changed immediately.
Manually changing your passwords
For information about how to manually change your BVU passwords, please read the Manually Changing BVU Passwords Acrobat .pdf document.