Password Policy

students with computers in quad

Overview

Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in the compromise of George Fox University's entire network. As such, all George Fox employees (including contractors and vendors with access to George Fox systems) are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.

Purpose

This Policy describes the University's requirements for acceptable password selection and maintenance. Its purpose is to reduce overall risk to the institution by helping computer users reasonably avoid security and privacy risks that result from weak password choices and to encourage attention to password secrecy.

It is the responsibility of everyone to keep their passwords secret. Passwords are considered confidential information and shall not be shared or transferred to others.

Your password should be unique to your George Fox account and should not be used for other accounts. 

Passwords should not be written down. Where it is considered necessary to store passwords off-line, passwords shall be protected by some other level of security (e.g., Physical Security mechanism such as a locked safe or cabinet).

Do not use the "Remember Password" feature of applications (e.g., Firefox, Internet Explorer, Chrome, Outlook).

Where technically and operationally feasible, passwords shall not be electronically stored, cached, or transmitted in clear text.

Scope

This Policy applies to all users of George Fox-owned and maintained systems and George Fox-provided IT services and resources. This includes, but is not limited to, George Fox faculty, staff, students, associates, business partners, and contractors.

Strong Password Best Practices

To qualify the password must:

  1. Be made up of at least eight characters
  2. Not be a word found in the dictionary or be among passwords that are easy to guess, such as birthdays, names of pets, or easily identifiable words and phrases like 'gobruins' or 'bruinden'
  3. Be difficult to guess
  4. Include no less than three of the following character classes:
    • Lowercase letters (lowercase)
    • Uppercase letters (UPPERCASE)
    • Digits (0-9)
    • Special Characters (%, $, #, _)
      • Valid non-alphanumeric characters are , + - $ [ ] * & ^ / % { } | " ' ? < > _
      • Do not use the characters: \ @ # [space]
  5. Be a password that you have not used in the past. 


So "GeorgeFox" will not be accepted (only two of the four types present - no number or special character) but "G30rG3F0><" would be fine. Similarly, pretzel3 wouldn't work, but "Pr3tz3L" would.

How do I change my password?
  1. Log into MyGeorgeFox at my.georgefox.edu.
  2. In the ‘Manage Account’ tile, select ‘Change GFU Password.’ 
  3. Enter your current password and your new password, then click 'Change Password'.