What is this service?
Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in the compromise of a user’s data and ultimately lead to unauthorized access of UHD's network and information systems. As such, all UHD employees, students (including contractors and vendors with access to UHD systems) are responsible for taking the appropriate steps to select and secure their passwords.
The purpose of this procedure is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change.
Password Guidelines
- All production system-level passwords must be part of the Information Technology Technical Services administered global password management database.
- All users are required to change their passwords at least once every 180 days. Please note that the university’s password standards enforce password history by prohibiting the reuse of old passwords.
- Account lockouts are enforced at a minimum of 5 failed attempts and locked out for a minimum of 15 minutes.
- Administrative accounts for High risk systems will remain locked until reset by an administrator.
- User accounts that have system-level privileges granted through group memberships or programs such as "sudo" must have a unique password from all other accounts held by that user.
- All UHD user account passwords must conform to the password standards described below.
Who may use this service?
Faculty, Staff and Students
Password reset is a self service process at UHD.
- Go to the Self Service Reset page.
- Follow the on-screen instructions to obtain a temporary password.
For password reset guidance, please click here for further instructions on how to reset your password.
Special Considerations
Password Protection Standards
Do not use the same password for UHD accounts as for other non-UHD access (e.g., personal ISP account, option trading, benefits, etc.). Where possible, don't use the same password for various UHD access needs. For example, select one password for the Engineering systems and a separate password for IT systems.
Do not share UHD passwords with anyone, including administrative assistants or secretaries. All passwords are to be treated as sensitive, Confidential UHD information.
Here is a list of best practice "don’ts" for your reference:
- Don't reveal a password over the phone to ANYONE.
- Don't reveal a password to the boss.
- Don't talk about a password in front of others.
- Don't hint at the format of a password (e.g., "my family name").
- Don't reveal a password on questionnaires or security forms.
- Don't share a password with family members.
- Don't reveal a password to co-workers while on vacation.
- Don’t create a password binder to store passwords.
- Don’t use the "Remember Password" feature of applications.
- Don’t store passwords in a file on ANY computer system (including mobile devices) without encryption.
- Don’t insert passwords into email messages or other forms of electronic communication.
IMPORTANT: UHD, or other legitimate entities (including banks, airline companies, PayPal, eBay and the IRS) WOULD NEVER request that you submit personal information such as passwords, social security numbers, birthdates, etc. by replying to an e-mail message. It is also important to avoid visiting links or opening attachments associated with any messages of this type.
If someone demands a password, refer them to this document or have them call someone in Information Technology.
If an account or password is suspected to have been compromised, report the incident to Information Technology and change all passwords.
Enforcement and Consequences
Any employee found to have violated this procedure may be subject to suspension of their UHD network and system access and/or disciplinary actions.
For assistance please call us at 713-221-8031 during our normal business hours and speak with a technician directly so they may verify your identity.