Passwords

Introduction of New HWS Password Policy

Passwords are an essential aspect of computer security, and they provide an important first line of protection for the electronic intellectual property that resides at Hobart and William Smith.  Having a strong password is one way that each user can contribute to our community’s overall security.  Strong passwords help the Colleges prevent unauthorized or inappropriate access to various electronic resources like email accounts, online library resources, student information systems, financial records, file repositories, BlackBoard, and PeopleSoft.

In the past, HWS did not have a policy of enforcing minimum requirements around passwords or require that they be changed periodically.  While this may have been acceptable in the past, it creates a security vulnerability for HWS as more transactions occur over the Internet and via the World Wide Web.  The new password policy takes a balanced approach in meeting three primary objectives – ensuring the use of robust passwords; establishing time parameters that require passwords to be changed at predetermined intervals; and enabling all users to manage their HWS passwords via the web from both Mac and Windows computers.

Detailed information regarding the new password policies and procedures will be distributed to all HWS users beginning on Tuesday, March 4, 2008.  This information will contain a description of the new password requirements and the instructions for enrolling in Password Station – our new password management system.  Also included will be a list of Frequently Asked Questions (FAQs).  Once enrolled, you will have the ability to manage your password and security questions via the web, and receive automatic notifications when your password is about to expire and needs to be changed.  Please do not share your password or individual security questions with anyone. 

The new password policy has been developed in consultation with the Faculty IT Committee, Administrative IT Committee, and Senior Staff.  The successful and timely implementation of the new password policy will require everyone at HWS to participate and support this effort.  The detailed information that all HWS users receive will contain specific timing on when all users are expected to complete enrollment in Password Station and change their password.

With the increase in web-based access to services on the HWS information technology infrastructure, it is more important than ever that all HWS users have a strong password.  The combination of your HWS username and password are valuable assets, and the integrity and privacy of an individual's password is the responsibility of every HWS community member.

Letter to the HWS Community

There are three collaterals being distributed via e-mail and interoffice mail that will assist you with successfully transitioning to the new password security model. These collaterals include:

  • Instructions for enrolling in Password Station - This step-by-step guide will walk you through the process of enrolling in Password Station (our new Web-based password management system) and changing your HWS password credentials.
  • Frequently Asked Questions - This document contains a list of many questions you may have.
  • Desktop Card (sent via interoffice mail only) - This laminated card contains basic information for accessing Password Station and the new guidelines for passwords.

The successful implementation of our new password policy is dependent on all users enrolling in Password Station and changing their passwords in a timely fashion. To meet that objective, all HWS users should enroll in Password Station and change their passwords by 8 a.m. on Wednesday, April 2, 2008. Passwords for any accounts not changed by that date and time will expire, meaning that those users will not be able to logon to the HWS network until they have changed their password.

Once enrolled in Password Station and after establishing a new password, users may change their password and/or security questions at any time. As part of the new password security model, passwords are required to be changed a minimum of once every 365 days. All users enrolled in Password Station will receive automatic e-mail notification well in advance of their password needing to be changed.

To support all users through this transition, the Help Desk (ext. 4357 or helpdesk@hws.edu) will provide individual assistance to any users or departments that request it. The IT Services Web page at http://www.hws.edu/offices/it.aspx will have all the latest information and instructions regarding the password policy. As HWS transitions to this new password security model, we will likely learn and discover ways to improve and fine tune the process. Please send any feedback or suggestions for improvement directly to the Help Desk.

Thank you in advance for helping Hobart and William Smith in this critical area.

Created Aug 30, 2005 ( revised March, 2008 )
If you are having difficulty submitting a form or you have unanswered questions, please call the Support Center Help Desk at (315) 781-4357, or e-mail helpdesk@hws.edu.