Lehman College Password Management Guidelines
Passwords are critical to maintaining the security and integrity of CUNY and Lehman systems. Consistent with CUNY's IT Security Policy, the Lehman College Information Technology Division recommends the following for managing passwords. These guidelines reflect the need to balance risk and compliance while facilitating the ability to interact with Lehman and CUNY IT systems.
Password Requirements: CUNY's IT security policy requires that passwords be reset every 90 days. If you use a Lehman system (email, Lehman Connect, etc.), you will receive an email 10 days before the expiration of your password. Note: register your Lehman account in the Self-Service System to change or reset a forgotten or expired password.
Passwords must be:
- At least 8 positions in length (additional positions strengthen the password)
- Contain at least one Uppercase letter (A, B… Z)
- One lowercase letter (a, b…z)
- One number (1-999, etc.)
- Special characters (#, $, %, etc.) are also useful to strengthen your password.
Passwords must be changed every 90 days. You will receive an email ten days before your password expires reminding you to change your password.
If you have not done so, use the Self-Service Password Management tool to register your account before changing your password at http://www.lehman.edu/sspm Repeated access attempts using an incorrect password will lock the user ID. Should this occur, please contact the Help Desk in person at Carman 108, or by email at email@example.com The same password cannot be re-used when a new password is created. Consider a new password that is significantly different from the previous password.
- Never write down, email or share your password with others, even IT administrators and staff members.
- Passwords should be long and complex - but not so long and complex that they can't be remembered.
- Form a longer password by combining two or more words without spaces.
- Consider using a password constructed from the first letter from each word of a favorite song, poem, or quotation. An example might be, 'An overflow of good converts to bad!' The password becomes: Aoogc2b!
- Don't use your Lehman password on external systems – this may impact the security of College systems.
- Don't check the "Remember my password" box in web browsers. If you store passwords, use an encrypted password store using a complex password.
Passwords should not contain:
- Your user ID or common phrase, such as "password"
- Personal information (e.g., family names, birth dates, zip codes, etc.)
Passwords can be changed as frequently as needed. Change your password if you believe that someone has discovered it or if you have used a publicly shared computer.
If you have any concerns or questions regarding the information contained in this document, please contact the College IT Security Officer at 718-960-8421.
Last modified: Feb 10, 2012