I. Introduction
Passwords are a critical component of Earlham’s approach to ensuring only authorized users access our digital tools.
II. Standards
A. Passphrases (Recommended)
Earlham encourages using a passphrase. A passphrase is a type of password composed of multiple words; passphrases tend to be easier to remember and more challenging to hack due to their length. A passphrase should contain 3 or 4 randomly chosen words, typed including spaces.
Passphrases should be at least 15 characters long and include at least three of the following types of characters: lowercase letters, uppercase letters, numbers, and special characters. Examples include:
- MountainHikesAreRefreshing2359
- SunsetsAreBeautifulInJuly4231!
- CoffeeLoversUniteEveryMorning!
- Reading-Books-Under-Starry-Skies
B. Password Requirements
- Password is case sensitive.
- Must be at least 10 characters long.
- Must not be the same as your previous password.
- Must not repeat any character sequentially more than 3 times.
- Must not include any of the following words: password, test, Earlham
- Must not include all/part of your name or user name.
- Must be scored as strong based on the password strength checker.
All Earlham account holders should adhere to the following password practices:
- Passwords should not be shared with anyone. This includes family, assistants, coworkers, and ITS.
- Passwords should be unique; avoid using the same password for work and personal accounts.
- Passkeys may be used.
C. Two-Factor Authentication
Earlham College requires the use of two-factor authentication for all user accounts that have access to RESTRICTED or SENSITIVE OR INTERNAL college data as defined in the college’s data classification policy. Earlham uses Duo for two-factor authentication.
D. Password Managers
Use of a password manager (such as Bitwarden, 1Password, or KeePass) is encouraged. Departments and employees that manage a large number of Earlham passwords should consider leveraging Earlham’s password manager.
IV. Standards Review
These procedures are reviewed periodically by Information Technology Services.
Clerical Notes
Amended November 2024:
Emphasized focus on passphrases; expanded Two-Factor Authentication to include SENSITIVE OR INTERNAL documents; added password manager details.
Previously titled Password and Authentication Standards
Policy specifications
Last revision: 11/25/2024
Responsible office: Information Technology Services
Responsible party(ies): Chief Information Officer (Jason Blunk)
Approved by: COO (Chris Little)
Effective date: 12/16/2019
Related policies: Information Security Policy
Associated division(s): All Divisions, Offices, etc.
Associated audience(s): Entire Campus Community
Associated container(s): Information Technology
Policy home: https://earlham.edu/policy/password-standards