Guideline for Account Passwords
The purpose of this document is to provide guidance on the creation and management of account passwords in order to protect university information resources and reduce the risk of compromised accounts. For more information on password requirements, please see the UNC Charlotte Standard for Account Passwords.
The guideline applies to all UNC Charlotte staff, faculty, students, associates, affiliates, contractors, volunteers, or visitors who have or are responsible for an account (or any form of access that supports or requires a password) on any system housing university information or that has access to the UNC Charlotte network.
Direct any general questions about this guideline to your unit’s Information Security Liaison. If you have specific questions, please contact OneIT Information Security Compliance at ISCompliancefirstname.lastname@example.org.
Consider these recommendations when selecting a password:
- Passwords should not contain your last name, first name, or email address.
- Avoid using dictionary words in passwords.
- Consider using a “passphrase” that will be easy to remember, but substitute some letters with numbers or symbols to avoid dictionary words.
Follow these steps for keeping passwords secure:
- Treat passwords as confidential information and do not share them with others.
- Do not use passwords created to access University systems for non-University systems.
- Do not use the same password for a privileged account that you use for your primary University account.
- Do not use the “Remember Password” feature in browsers and applications.
- Do not store passwords in a file unless the file is encrypted.
- If you know or suspect your account or password has been compromised, report the incident to SecurityIncidentemail@example.com and change the password immediately.
Related resources:
- University Policy 311 Information Security
- Standard for Account Passwords
- Standard for Responsible Use
- ISO/IEC 27002
ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.
Initially approved by Information Assurance Committee 9/04/14