Password Policy

Originally Issued: May 2013

Contacts: John Dudley Don Diener Lori Temple

Download Policy Document Download Procedure Document

Policy

Passwords used to access university systems must meet the criteria established in the Office of Information Technology guidelines for passwords. Passwords must be changed at least annually to minimize unauthorized access to university systems. Passwords must not be shared, except for approved exceptions.

Related documents:

Statement of Purpose

The purpose of this policy is to:

  • Ensure that access to university systems is consistent with security best practices.
  • Establish minimum standards for passwords.
  • Ensure that all users are aware of their responsibilities in effective password management.

Entities Affected by Policy

Entities affected by this policy include all UNLV academic and administrative offices and all UNLV students, employees, and anyone who accesses university systems.

Who Should Read This Policy

UNLV students and anyone who accesses university systems should read this policy.

Exceptions

To request an exception, please complete the IT Policy Exception Form.

Exception requests will be processed within 10 business days of receipt of the request. If an exception is created, the exception will be audited on an annual basis. The owner of the system or a listed designee must respond to the annual audit and verify that the exception is still required.

Changes to the exception may only be requested by the system owner or a documented designee appointed by the owner.

Frequently Asked Questions

Is it okay to keep my password on a sticky note and keep it near my computer as long as I do not share the stickie note with anyone else?

If your password is in clear sight or can be readily found by someone else, you are in violation of the clause in the Password Policy that says “Passwords must not be shared, except for approved exceptions.” Even if it not your intention to share the password, leaving the password where it can be seen by an unauthorized person is the same as sharing the password.

Should I provide my username and password if asked to do so by someone from OIT?

No. OIT staff will never ask for your password. It is a violation of university policy for an OIT staff member to ask you to disclose your password. If logging in under your username and password is required to make a change or troubleshoot a problem, an OIT staff member will avert their eyes as you log in and then assist you.
Impersonating an IT staff person is a common ploy used by identity thieves to gain access to password-protected information. If an OIT staff member or someone claiming to work for OIT asks for your password, please decline to provide the information and call the IT Help Desk at ext. x50777 or email ithelp@unlv.edu to report the incident.

Why can't I give out my password to my coworkers because OIT is coming to work on my computer and I won't be in when they are here?

Sharing passwords is a violation of the policy. Via the OIT Service Account and Active Directory installed on many computers, OIT technicians are able to work on a computer in the user’s absence. If the user has disabled those accounts or the computer does not have the accounts, the user must be present for the computer to be repaired. Once the user is available and is able to log into the machine, OIT technicians will be able to work on the computer.

My wife is not a student. Can I share my password with her so that she can look for a job while I'm in class?

No. Sharing your login information violates the Password Policy.