Date Established: 4/29/2008
Date Last Revised: 5/25/2021
Category: Information Technology
Responsible Office: Information Security Office
Responsible Executive: Vice President and Chief Information Officer
Compromised digital credentials can adversely affect the confidentiality and integrity of university information technology systems and information. Therefore, UBITName account holders are required to create strong passwords and protect the privacy of their password.
The University at Buffalo (UB, university) is committed to ensuring the confidentiality, integrity, and availability of its online information technology (IT) resources and information systems. Digital credentials are a fundamental component of the university's approach to information security. A UBIT digital credential is composed of a UBITName and its associated password. UBITName account holders must create strong passwords and protect password privacy to prevent and minimize compromised digital credentials.
A UBIT digital credential:
UBIT passwords must be:
Violators of this policy will be subject to the existing student or employee disciplinary procedures of the university. Sanctions may include loss of computing privileges. Illegal acts involving UB computing resources may also subject users to prosecution by state and federal authorities.
This policy establishes minimum standards for UBITName passwords. This policy applies individual accountability to the protection of university passwords.
UB relies on a digital credential to validate a person’s identity. This process enables authorized individuals to access online IT resources and information systems. A digital credential constitutes a first line of defense in protecting access to online IT resources and information systems.
Technical protective measures in response to violations of this policy, detection of UBIT digital credential compromise, or password exposure may include suspension, password-reset, disabling UBITNames, de-registration or removal from wired and wireless network access, and loss of access to systems or file shares with little or no notice. Reactivation or reinstatement may require coordination with the UBIT Help Center.
This policy applies to all individuals with customer accounts and system accounts in any university IT system capable of interfacing with university authentication systems.
Consists of a string of letters, numbers, punctuation, spaces, and other characters. The term password and passphrase are often used interchangeably.
UBIT Digital Credential
Composed of both a UBITName and its associated password. A UBIT digital credential is classified as Category 1- Restricted Data.
University username used to log into a variety of campus services that require authentication or identify verification.
|May 2021||Full review. Updated the policy to: |
● Revise the following:
◦ Policy Statement
▫ State the university's commitment to ensuring the confidentiality, integrity, and availability of its online information technology (IT) resources and information systems
▫ State the requirements of UBIT digital credentials and passwords
▫ Include a reference to creating a secure UBITName password or passphrase
◦ Background section
▫ Include examples of protective or corrective measures
● Remove the following sections:
◦ Password Strength Requirements
◦ Password Refresh (Aging)
◦ System Requirements
● Add the following sections: