UMES Information Technology Password Policy
To face the important issue of poor password management, and to adhere to State policies, the UMES Information Technology Department has created a domain-wide password policy. This will affect the password you use for your single sign-on domain account used for computer login, e-mail, WebCT, ImageNow and HawkWeb. The following information is provided to help understand the password policy so everyone can make a seamless transition.
The effects of poor password management on security and financial health are well documented. Attackers often gain access to sensitive data through weak or stolen passwords. Additionally, attackers can use accounts to launch sophisticated and dangerous intrusions into an organization’s IT systems. Also at stake when not practicing good password techniques is your personal identity and welfare, such as access to your bank account website.
How to Change Your Password
There are a couple ways to change your password:
- While logged on to a campus domain computer, hit the CTRL+ALT+DEL key combination while logged on. There will be a button for ‘Change Password’.
- From any computer on the Internet the password can be changed online. Point your browser to the UMES website and click the ‘Web Mail’ button to enter the Outlook Web Access login page. In the Support and Assistance section of the login page there is a link to ‘Change your password’.
The Password Policy
Password Length – 8 characters minimum
Passwords will require a mandatory minimum length of 8 characters.
Password Age – 120 Days Maximum
Passwords will be required to be changed to a different password every 120 days. To make sure your account does not get locked out, we recommend you change your password before you leave the campus for an extended period of time , such as Summer break.
Password Age – 2 Days Minimum
A password that is changed must be kept for a minimum of 48 hours. This means once you change your password, you cannot change it again for 2 days.
Password History – 6 Unique Passwords
There are also rules set to how often you must make your password unique. You cannot change your password to the same password you had the past 6 times.
Lockout
If you incorrectly enter your password more than 4 times in 30 minutes your account will be locked. The only way to have your account unlocked is to contact one of our IT professionals at the Help Desk. Students should be prepared to give their 7-digit UMES ID Number to have an account unlocked.
Complexity
The password must be ‘complex’. The following items are considered a part of a complex password:
Password not be a simple word (e.g. password, welcome, hello)
Password not include three or more characters from the user name
Password contain characters from at least three of these categories:
English uppercase letters (A – Z)
English lowercase letters (a – z)
Base 10 digits (0 - 9)
Non-alphanumeric (for example: !, $, #, or %)
Future Item – Pre-Expired Password
In the near future an additional password policy of pre-expiration will be in effect. This means that any password reset by an IT support professional will force the user to change the password upon first logon. We will issue an announcement when this policy takes place.
Frequently Asked Questions
Do I have to change my password as soon as new password policy goes in effect?
You will be required to change your password right away if you have not changed your password in the past 120 days.
I’m having problems logging in. How can I find out if my account has been locked?
Currently the only method is to contact the Help Desk. We hope to have a way of checking this online soon.
What is the single sign-on domain account? What systems that I access use this?
The single sign-on is the single account username and password used for most popular applications at UMES. This is also known as your NT account or Active Directory account. The systems that currently use this single sign-on are domain computer logon, web mail (Outlook Web Access), HawkWeb, WebCT, ImageNow and various UMES web applications.
Is the single sign-on domain account the same as what I use to do my time sheet?
No, the online timesheet application uses a separate username and password. That site does not adhere to UMES password policies.
I'm having problems changing my password, what's wrong?
Check that you are entering more than 8 characters for your password. Also make sure you are typing it in properly without the CAPS LOCK key on, as passwords are case sensitive. Also note that you can only change your password once every 48 hours.