Privacy and Security
Notice
Helpdesk | Services | Scientific Computing |
Networks | Telecommunications
| CAD/CAE | Policies
Password Regulations
Password Rules
Note: For procedures on changing passwords, see http://cc.jlab.org/docs/services/cue/password.html.
In accordance with DOE Notice 205.3 and guidance in 205.3-1, all
passwords in use on any system at Jefferson Lab must be in
accordance with the following rules and guidelines.
Password Selection
- Password contains at least eight non-blank characters, provided such
passwords are allowed by the operating system or application. Your password
can be longer than eight characters, but not less than.
- At JLAB the only exception may be certain single-board
computers.
- Password contains a combination of letters (a mixture of
upper and lower case), numbers, at least one special character, all within the
first eight positions, provided such passwords are allowed by the operating
system or application.
- At JLAB the only exception may be certain single-board
computers.
- Password contains a non-numeric in the first and last position.
- Password does not contain any part of your username or common name.
- Password does not include the user's own or, to the best of his/her
knowledge, close friends - or relatives - names, employee serial number, Social
Security number, birth date, phone number, or any information about him/her
that the user believes could be readily learned or guessed.
- Password does not, to the best of the user's knowledge, include
common words that would be in an English dictionary, or from another language
with which the user has familiarity.
- Password does not, to the best of the user's knowledge, employ
commonly used proper names, including the name of any fictional character or
place.
- Password does not contain any simple pattern of letters or numbers,
such as "qwertyxx' or "xyz123xx".
IMPORTANT -- All password requirements MUST be met in the first 8 characters of your password
(at least one uppercase, one lowercase, one numeric, and one special character).
Password Protection
Individuals must not:
- share passwords; the only exception is "in emergency circumstances or
when there is an overriding operational necessity".
- You must get prior agreement from the Computer Center Security
officer before sharing passwords.
- leave clear-text passwords in a location accessible to others or
secured in a location whose protection is less than that required for
protecting the information that can be accessed using the password;
- enable applications to save passwords for subsequent re-use.
- this includes e-mail - do not let it remember your password.
Password Changing
Passwords must be changed:
- at least every 6 months;
- immediately after sharing;
- as soon as possible, but within 1 business day after a password has
been compromised, or after one suspects that a password has been
compromised;
- on direction from management.
This document is maintained by
{helpdesk@jlab.org}
Copyright Jefferson Lab 2007
