|Approved:||Chief Information Officer
|Supersedes Policy Dated:
||May 27, 2004
||September 9, 2011
|Person with Primary Responsibility:
||Director of IT Security
Passphrases are used to authenticate users for access to university computing systems and electronic information. A compromised passphrase can risk disclosure of more than just an individual's email and personal files. It almost always risks disclosure of other sensitive information related to student affairs, personnel issues and patient care. The purpose of this standard is to ensure that all users select strong passphrases that are difficult to guess, crack or otherwise compromise.
The following minimum requirements shall apply to all computing systems attached to the East Carolina University campus computing network.
- Upper case letter
- Lower case letter
- Special character (e.g., !, @, #, *, ?)
System Administration, Network, and Security (SANS) Institute Passphrase Policy, www.sans.org/resources/policies/Password_Policy.pdf (pdf)