Password Policy

This policy establishes a standard for creation of strong passwords and protection of those passwords within the Microsoft Active Directory/Exchange email system. This policy applies to all persons who have, or are responsible for, an account on any system accessed on the Delta State University network or computer systems.
Expiration: Date at which password for access to University systems is required to be changed meeting strong password standards.
Users are responsible for assisting in the protection of the network and computer systems they use. The integrity and secrecy of an individual’s password is a key element of that responsibility. Each individual has the responsibility for creating and securing an acceptable password per this policy. Failure to conform to these restrictions may lead to the suspension of rights to University systems or other action as provided by University Policy, State or Federal law.
Password Creation Rules:
Passwords are initially assigned when a new account is created. Users have the right and the ability to change passwords on their Active Directory/Exchange accounts at any time.
    • All passwords are required to meet the “strong password” definition.
o Passwords must be at least eight characters in length.
o Passwords must consist of a combination of upper case letters, lower case letters and numerals.
o Passwords cannot contain a dictionary word.
o Passwords cannot contain all or part of your user id.
o Passwords cannot match any of your four previous passwords.
Password Expiration:
Passwords will expire on a 180-day cycle. Advance warnings of upcoming password expiration will be sent to the designated account holder via campus e-mail beginning 30 days prior to expiration, with repeated reminders several times thereafter until the expiration date.
Any account holder may change his or her password at any time through their Active Directory Account or online password reset utility – it is not necessary to wait for expiration.
Passwords should be changed immediately and the Office of Information Technology notified whenever there is a belief that the password has been compromised.
  • Appropriate Use Statement
  • Abuse of Computers and Networks