I. Scope

The password and authentication standards listed apply to all Earlham accounts and other passwords, PINs, or other credentials that exist to identify and authorize an individual for access to accounts, computers or systems meant for that person alone to perform their College work activities.

II. Introduction

In order to protect College information, computers, and networks from unauthorized access that might compromise student or employee privacy or other institutional imperatives, the College must take reasonable steps to ensure that authorized accounts are protected.

III. Policy

A. Password Requirements

  • Password is case sensitive.
  • Must be at least 10 characters long.
  • Must not be the same as your previous password.
  • Must not repeat any character sequentially more than 3 times.
  • Must not include any of the following words: password, test, Earlham.
  • Must not include all/part of your name or user name.
  • Must be scored as strong based on the password strength checker.

All Earlham account holders should adhere to the following password practices:

  • Earlham account passwords will be required to be changed once every 365 days (1 year).
  • Passwords should not be shared with anyone, including family, assistants, or other coworkers (even ITS staff!)
  • Passwords should be unique.
    • Do not use the same password you have at Earlham for personal accounts, for example.
    • The first thing hackers will try if they obtain your password is to log into online banking, credit card, amazon.com, and other services with the same credentials.

B. Passphrases

Earlham College encourages you to use a passphrase instead of a password. Passphrases are simply longer passwords that are more natural for a human to remember but much harder for a computer to crack because they are so long. A good passphrase is composed of 3 or 4 randomly chosen words that are typed including spaces. It’s important that the passphrase be a random assortment of words and not an actual phrase one would hear in a sentence.

Passphrases should be at least 20 characters long, but many people find they are just as fast to type since they are much more natural and less awkward than most passwords. Remember to include at least three of the following types of characters in your passphrase: lowercase letters, uppercase letters, numbers, and special characters. Since they are easier to remember and harder for computers to crack, passphrases are a win/win!

C. Two-Factor Authentication

Earlham College requires the use of two-factor authentication for all user accounts that have access to RESTRICTED college data as defined in the college’s data classification policy. Two-factor authentication provides a second layer of security to any type of login, requiring extra information or a physical device to log in, in addition to your password. By requiring two different channels of authentication, we can protect user logins from remote attacks that may exploit stolen usernames and passwords.

IV. Policy Review and Approval

These standards are reviewed periodically by Information Technology Services.

Policy specifications

Last revision: 12/16/2019
Responsible office: Information Technology Services
Effective date: 12/16/2019
Related policies: Information Security Policy
Policy home: https://earlham.edu/policy/password-and-authentication-standards