All faculty, staff, students and guests using the network are required to have a unique, identifying computer account. It is the responsibility of the individual to protect this account and password from accidental or deliberate compromise. All accounts are required to use strong passwords to help ensure their integrity. Any class-based or generic use type accounts that are used by multiple individuals are normally prohibited. Exceptions for such accounts require written approval by the Information Security Officer and will be reviewed.

Unique Computer Accounts

In order to protect the interests of the University and provide a stable network environment, it is essential that all individuals use uniquely named accounts to properly identify the owner. This account is to be used only by the individual to access their account and to use systems such as department computers, Computer Learning Centers, the general purpose UNIX systems, Blackboard, etc. Accidental or deliberate release of the password or other credential information to any account will result in the account being considered compromised and subject to remediation by Information Technology (IT).

General Purpose/Class-based Accounts

General purpose, class-based, or shared accounts are defined as accounts which more than one identified or unidentified individual use for a period of time. For example, an account used for a class project to which all individuals in the class have access would be a general purpose account. Because of the fact that these accounts are shared among multiple people, they are a high security risk to campus. Using this type of account is strongly discouraged. However, if a general purpose account is necessary, it may be approved with the written permission of the Information Security Officer. No general purpose account will be activated and maintained indefinitely. Each general purpose account will be reviewed by IT on a periodic basis, and need for its continued existence will be verified with the original requesting party (individual or department).

Account Passwords

All accounts are subject to the strong password policy governed by the University of Missouri strong password initiative. IT will periodically scan accounts within its systems to ensure that passwords meet the minimum password requirements. Owners of accounts that fail this scan will be notified by IT and will be required to change their password to one that meets the required strength.

Local System Accounts

Computer systems with local accounts are required to have a password, but are not necessarily subject to the strong passwords as indicated by the UM strong password initiative. However, in compliance with the University of Missouri system guidelines, the strong password initiative is strongly encouraged for local accounts. Any local system account that is discovered to be without a password (or any other means of authentication) is subject to isolation from the network by IT. There are allowances for special access systems and these require written approval by the Information Security Officer.

References

Password Guidelines

Note: All IT policies and procedures are subject to annual review.