Tennessee State University – Information Technology Policy
This password policy will apply to the following systems: the TSU network, TSU wireless network, myTSU, Exchange e-mail, TSU website accounts, screen saver protection, SciQuest purchasing system, eLearn (D2L) system, and INB Banner, and any other computing or network resource used on the TSU campus. Users will be forced on some systems to reset passwords every 90-180 days. As a general rule, users should reset their passwords at least every 90-180 days.
This policy establishes the requirements for creating strong passwords, the protection and management of passwords, the frequency passwords are to be changed, and password privacy.
Strong password construction criteria at TSU is:
Must be at least eight (9) characters in length
Must contain at least 1 uppercase letter (A–Z)
Must contain at least 1 lowercase letter (a-z)
Must contain at least 1 or more numbers (0-9)
Additionally, the construction of passwords should not:
Include a word in any language, slang, dialect, jargon, etc.
Be based on personal information, names of family, birthdates, etc.
Password Management and Protection
- Passwords must not be inserted into email messages or other forms of electronic communication
- Do not share TSU passwords with anyone, including administrative assistants or secretaries. All passwords are to be treated as sensitive TSU information
- Do not reveal a password over the phone to anyone
General Password Construction Guidelines
Weak passwords have the following characteristics:
- Contains less than eight characters
- Forms a word found in a dictionary (English or foreign) or is a common usage word such as:
- Names of family, pets, friends, co-workers, fantasy characters, etc.
- Computer terms and names, commands, sites, companies, hardware, software.
- The words "TSU" or any derivation
- Birthdays and other personal information such as addresses and phone numbers.
- Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321
- Uses any of the words referenced above spelled backwards
- Uses any of the above preceded or followed by a single numeric digit (e.g., secret1, 1secret)