ICT Systems and Facilities Infrastructure Management

SIMAD University ICT Passwords

1. All SIMAD University information systems and appliances require correct user identification and authentication where the user ID and the account passwords must match correctly for security purposes
2. ICT resource systems shall be generated following the provisions of the ICT security policy of the University
3. Passwords for any account shall be classified as individual or designated owner and shall be confidential information not be shared with any other party.
4. ICT resource Users shall be liable for all activities transacted and information originating from personal accounts. . Personal accounts shall not be protected by the university

Password Validity 

ICT resources user-level passwords in all the appliances shall be changed twice per year unless there is need to urgently change the existing password to enhance the security of the systems.

ICT resource User Account Lock-Out

1. SIMAD University information systems shall be programmed to lock out the user account where the username and the password does not match and has been incorrectly and sequentially repeatedly for 3 times  
2. ICT resource Locked Out user accounts shall remain inactive until official activation request is granted and this shall be within two working hours in accordance with the provisions of account reactivation manual before a new or original user password is provided

ICT resource Password Uniqueness

1. Passwords in all SIMAD University accounts shall assume different forms for security of the user accounts
2. Where possible, same password should not be used to access multiple SIMAD University systems
3. Users may not reuse any of their last 5 passwords

Password Composition

1. All user-level & system-level passwords should not be easy guessed and shall follow the guidelines described below: –
2. User- account Passwords shall contain 3 of the 4 following character groups:
3. A to Z
4. a to z

• 0 to 9

1. Special Characters, i.e. ! ^ $ *
2. Passwords must be at least 8 characters long.
3. Any user-account password shall be composed of least 5 different characters and it shall not be any word from any language
4. Account-user Passwords shall not include personal biodata information (such as name, birthday, address, phone number, and passport number)
5. User-account Passwords cannot contain all or part of your username/ID.
6. User-account Passwords shall not be based on the SIMAD University name or its geographic location
7. User-account passwords shall be unique but easy to remember

ICT resource Password Communication

1. User-account Passwords shall not be shared verbally or through any form of electronic communication for the purpose of the system security unless for the first password or after password setup
2. Passwords shall not be stored in any form or in ICT systems except in line with the system password management regulations and procedures of the university password safe keeping
3. The “Remember Password” application feature is prohibited in all SIMAD ICT resource and facilities
4. If an employee either knows or suspects that his or her password has been compromised, it must be reported to the ICT and the password changed immediately. Users should request a new password through the automatic password reset mechanism on the application
5. Initial passwords must be communicated to users either verbally or via encrypted email.
6. Emails containing passwords should be deleted once they are read
7. First user-account passwords shall be changed as they are only to be used for the first log-in into the system