Welcome back to Student Data Privacy Fundamentals. This lesson is on password security.
In this video, you will learn recommendations and guidelines for password security.
Here, you'll want to explain a little bit about how your district addresses password security. For example: The district requires the use of strictly controlled passwords for network access and for access to secure sites and information.
All staff passwords to district systems shall meet or exceed the following requirements. Where possible, all student passwords shall follow staff password policies whenever possible.
Then you will want to list the specific requirements for your organization. Here are some specific examples that you can use or adjust to fit your district's needs.
District network access to resources managed through Active Directory or a single sign-on should require passwords that are strong, meeting the following complexity requirements: at least eight characters in length, at least one uppercase letter, at least one lowercase letter, at least one special character.
Users will not be allowed to use their two previous passwords.
User passwords must not include his or her first or last name or district username, and passwords must be reset at least once per semester.
Quiz: Consider these password requirements. Are there any additional that you think would be beneficial, or any listed here that you see as unnecessary?
Now you will want to state some guidelines for password security. For example: Passwords shall never be shared with another person outside of the technology department.
Every password shall be changed every 180 days and be different from previous two passwords.
Every password shall use two-factor authentication whenever possible.
User-created passwords should adhere to the same criteria as required for district network access, as outlined previously.
Passwords shall never be saved when prompted by any application, with the exception of single sign-on systems as approved by the technology department.
Passwords shall not be programmed into a PC or recorded anywhere that someone may find and use them.
When creating a password for secure information or sites, it is important to avoid passwords that are easily guessed due to their association with the user. For example, your child's name, your pet's name, or your birthday.
Users and employees who have reason to believe a password is lost or compromised must notify the ISO or designee as soon as possible. The technology department will verify the identity of the person requesting the change before resetting the password.
Where possible, system software should enforce the following password standards: Passwords routed over a network shall be encrypted.
Passwords shall be entered in a non-display field.
System software shall enforce the changing of passwords and the minimum length.
System software shall disable the user password when more than five consecutive invalid passwords are given.
System software should maintain a history of previous passwords and prevent their being easily guessed due to their association with the user.
Lockout time shall be set at a minimum of 30 minutes.
In today's video, we discussed recommendations for secure passwords, including specific requirements and guidelines for password management, reset, etcetera.
In our next lesson, we will tackle the technology disaster recovery plan.