HCC Ybor Campus HCC SouthShore Campus HCC Plant City Campus HCC District Administrative Offices HCC Dale Mabry Campus HCC Brandon Campus

1.       PURPOSE

This policy establishes conditions for use of, and requirements for appropriate security for the Hillsborough Community College Network Account (NetID). These requirements are necessary to help ensure personal security, protect business and academic computing resources, and to meet information security legal requirements and standards.

 

2.       DESCRIPTION

The NetID is a User ID and password combination that serves as the primary digital identity at HCC when accessing computing resources. It provides the foundation for digital identity authentication (proving who one is) and authorization (what one has access to once authentication occurs).

The NetID provides access to a wide range of computing services such as the network access, email, and wireless access. Individuals may need additional NetID accounts for specialized services.

 

3.       SCOPE

This policy applies to every person using a NetID at any time or location. This includes all students, faculty, staff, alumni, retirees, continuing and distance education students and other College affiliates.

 

4.       POLICY

4.1.    System Requirements

4.1.1.  OIT systems require passwords for a newly activated NetID to be changed at first use.  This ensures that only the person who has been assigned the account knows the password.

4.1.2.  OIT systems force expiration of NetID passwords once every 90 days for employees and every 180 days for students.

4.1.3.  OIT systems require passwords to meet a minimum length of 8 characters.  OIT requires the creation of strong passwords which contain numbers and/or punctuation marks.  See password best practices for tips on how to create a strong password that is easy to remember but hard to crack.

4.1.4.  OIT systems retain a history of three passwords. This means that the last three passwords cannot be reused. When the Network Account password is changed, the account owner must create a password that is different from the last three passwords. OIT strongly encourages account owners to avoid reusing old passwords.

4.1.5.  Password can only be changed a minimum of once every 10 days.  This is to prevent the premature cycling of passwords to maneuver around the password history clause.  Should you need to have your password reset, contact the OIT Helpdesk.

4.1.6.  Consecutively entering an invalid password 5 times within 14 minutes will cause an account to be locked out.  After 25 minutes, the account will automatically unlock.  This clause prevents a brute-force password attack against an account.

 

4.2.    Individual Responsibilities:

NetID owners are expected to:

           Comply with the College’s Acceptable Use Policy.

           Create a strong password; see Password Creation Guidelines below.

           Change the password at least once a year, or more frequently as needed to maintain password security.  Individuals are responsible for changing their password before it expires, to avoid disruption of access to HCC services. See Password Expiration below for additional details.

           Safeguard the password. For example, individuals should not write down or store the password on paper or on a computer system where others might acquire it. See protect your password from misuse for additional guidelines.

           Never share the password, even with a best friend, roommate, or relative.

           Reserve the NetID and password for authorized HCC systems and services only. Individuals should create a different username and password for external services such as stores, banks, music services, Web sites, personally owned computers, or other systems.

All use of the HCC NetID is assumed to be performed by the person assigned to that account. Account owners are held responsible for all activities associated with their accounts.

Failure to conform to these requirements may lead to suspension of account privileges or other action as provided by College Policy or law.

 

4.3.    Password Creation Guidelines:

The following password creation guidelines are based upon experience and common sense. The software used to change passwords will screen for most of these guidelines as an aid in creating secure passwords. This does not relieve a person of responsibility for creating and securing a good password.

           It must be at least eight characters in length. (Longer is generally better.)

           It should contain at least one alphabetic and one numeric character.

           It must be significantly different from previous passwords.

           It cannot be the same as the NetID.

           It should not start or end with the initials of the person issued the NetID.

           It should not include the first, middle, or last name of the person issued the NetID.

           Certain special characters may be used as indicated at password best practices. However, note that some applications might not accept special characters; see password best practices for additional information.

           It should not be information easily obtainable about you. This includes license plate, social security, telephone numbers, or street address.

 

4.4.    Password Expiration:

HCC requires that all NetID owners change their passwords on designated intervals.

           For employee accounts, passwords will expire exactly 90 days from the date and time of the last change.

           For student accounts, passwords will expire exactly 180 days from the date and time of the last change. OIT strongly encourages all individuals to change their password before it expires, in order to avoid disruption of access to College services.

In addition to the College’s password change requirement, OIT encourages individuals to change passwords more frequently throughout the year. The password should be changed immediately if an account owner believes that it has been compromised (for example, if there is a possibility that another person may have viewed or acquired the password).

Individuals who allow their HCC NetID account password to expire or forget their password must contact the HCC Live Contact center for assistance.

 

5.       EXCEPTIONS:

Exceptions to this policy must be applied for in writing and will be authorized only by the OIT Security Department.

 

6.       DISTRIBUTION:

This policy is available on the Web at http://www.hccfl.edu/oit.aspx.

 

7.       CHANGE:

OIT may change this policy at any time subject to the review of the Vice President of Information Technology.

 

8.       REVISION HISTORY

Date

Description

 

06/16/2009

Initial policy draft.

OIT

07/01/2010

Designated as OIT Official Policy.

Gorham, Stephen

03/01/2012

Corrected references to NetID; added student controls.

McCray, Adrian