
Strong Password Policy

The European Union advocates certain "data security" measures in all EU organizations. As part of the Institute's compliance with such guidelines, the ICT Service adopts the so-called "strong password" policy.

 

 

Scope

Even though you yourself may not store any confidential data on your own PC, your account could serve as a gateway for attackers to access sensitive data on other machines on our internal network, or even compromise the functioning of the EUI system as a whole.

The login/password combination identifies you as an individual person. You are responsible for all activities carried out under your login name and you must not give out your password to anyone else.
 

All newly arriving EUI members are forced to change their initial computing account password at first login. To increase the protection of your account on the EUI network, you will be required to use strong passwords that do not match your previous passwords.

You can change your EUI Password at any time following the Password Guidelines. Weak passwords are one of the easiest ways for hackers to break into a computer. Passwords that are used for years at a time, or passwords that are reused frequently, are also much more likely to be discovered by an attacker.

 

Requirements

Complexity requirements for "strong passwords" are based on the following rules:

  • The password is between 8 and 16 characters long
  • The password contains characters from 3 of the following 4 categories:
    • standard uppercase characters (A - Z)
    • standard lowercase characters (a - z)
    • numbers (0 - 9)
    • symbols: only from among ! % - _ + = [ ] { } : , . ? < > ( ) ;
  • The password does not contain your account name or any part of your full name
  • The password does not contain characters only found on a particular national keyboard (e.g. ö, ë, å, ñ, é)
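The rules above can be expressed as a validator. The following is an added example, not the ICT Service's own code. The function name `check_password`, the splitting of the full name on spaces and hyphens, the 3-character minimum for a name part, and the treatment of every character outside the four listed categories as disallowed are assumptions.

```python
import string

# Symbol set copied from the policy's Requirements list.
ALLOWED_SYMBOLS = set("!%-_+=[]{}:,.?<>();")
CATEGORIES = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "symbol": ALLOWED_SYMBOLS,
}
ALLOWED_CHARS = set().union(*CATEGORIES.values())
MIN_NAME_PART = 3  # assumption: shorter name fragments are not checked


def check_password(password, account_name, full_name):
    """Return a list of violated rules; an empty list means the password passes."""
    problems = []
    if not 8 <= len(password) <= 16:
        problems.append("length must be 8-16 characters")

    # Anything outside the four categories is rejected: this covers both
    # disallowed symbols and national-keyboard letters such as ö or ñ.
    bad = sorted({c for c in password if c not in ALLOWED_CHARS})
    if bad:
        problems.append("disallowed characters: " + " ".join(bad))

    used = [name for name, chars in CATEGORIES.items() if chars & set(password)]
    if len(used) < 3:
        problems.append("needs 3 of 4 character categories, found %d" % len(used))

    # Case-insensitive substring match against the account name and each
    # whitespace- or hyphen-separated part of the full name (assumption).
    lowered = password.lower()
    parts = [account_name] + full_name.replace("-", " ").split()
    for part in parts:
        if len(part) >= MIN_NAME_PART and part.lower() in lowered:
            problems.append("contains name part: " + part)
    return problems


if __name__ == "__main__":
    # Constructed sample user and passwords.
    for pw in ["Tr1cky_Pa55", "jrossi2019!", "Señor_2019x", "alllowercase1"]:
        print(pw, "->", check_password(pw, "jrossi", "Julia Rossi") or "OK")
```
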

 

Constraints

There is a series of restrictions on changing your EUI computing account password:

  • You will not be able to change your password more than once in the space of 2 days
  • You will not be able to re-use a previous password until it has been changed a total of 10 times
  • EUI Administrative Staff and Faculty, and collaborators from external firms who are entitled to an EUI computing account, will be forced to change their password every 12 months

 

 

Page last updated on 08 November 2019