The purpose of this document is to provide guidance on the creation and management of account passwords in order to protect university information resources and reduce the risk of compromised accounts. For more information on password requirements, please see the UNC Charlotte Standard for Account Passwords.
The guideline applies to all UNC Charlotte staff, faculty, students, associates, affiliates, contractors, volunteers, or visitors who have or are responsible for an account (or any form of access that supports or requires a password) on any system housing university information or that has access to the UNC Charlotte network.
Direct any general questions about this guideline to your unit’s Information Security Liaison. If you have specific questions, please contact ITS Information Security Compliance at ISComplianceemail@example.com.
Consider these recommendations when selecting a password:
- Passwords should not contain your last name, first name, or email address.
- Avoid using dictionary words in passwords.
- Consider using a “passphrase” that will be easy to remember and substitute some letters with numbers or symbols.
Follow these steps for keeping passwords secure:
- Treat passwords as confidential information and do not share them with others.
- Do not use passwords created to access University systems for non-University systems.
- Do not use the "Remember Password" feature in browsers and applications.
- Do not store passwords in a file unless the file is encrypted.
- If you know or suspect your account or password has been compromised, report the incident to SecurityIncidentfirstname.lastname@example.org and change the password immediately.
ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.
Initially approved by Information Assurance Committee 9/04/14