Campus Password Policy
Authentication is one key to security. This begins with a proper password. As Duquesne University heads towards a single login, password protection becomes even more critical. This policy provides best-practice guidelines for password management.
This policy applies to all users of technology and associated processes at Duquesne. All users will include the following in their password strategy:
- A password can only be used once. You must choose a new password when resetting your Multipass.
- Each password must be at minimum nine characters in length and cannot exceed 16 characters.
- The password must contain all of the following: uppercase letters, lowercase letters, number(s). A password may not be the user ID, user name, or nickname in any form.
- A password may not be a word found in an English or foreign language dictionary.
- A password may not be readily known information such as: social security number, phone number, address, birth date, anniversary, current date, etc.
- A password may not be written or shared with another person. When a user suspects a password has been compromised, the user will change the password immediately and report the incident.
- CTS will not disclose passwords to a user via telephone conversation with the user.
Passwords must be changed at 120 day intervals. There may be times where users are requested to change password immediately, but that will be approved by administration and communicated by CTS.