Amherst College Password Protocols

The College must comply with a Massachusetts law that requires it to follow industry standards for password management.  The implementation of these standards is an important part of our effort to maintain effective security of the College computing network, which helps all of our computers and the network run as they should.  Employees are now required to follow these protocols for the passwords they use to access Amherst’s network, web site, e-mail, and other electronic resources*.

  1. Passwords must be changed using the easy link on the College’s web site at least once every twelve months, but may not be changed more than once an hour. If you do not change your password within a twelve-month period, you will be notified and automatically denied access to electronic resources until you do change it.
  2. Employees must use “strong” passwords, which make it difficult for outsiders to break into our network.  Strong passwords contain a minimum of eight characters; do not include common names or words found in dictionaries; and must include a combination of any two of the following: a) numbers, b) letters, and c) special characters (e.g. &!#$%).
  3. Your Amherst College passwords should not be the same as any personal or off-campus passwords that you use.
  4. You may not reuse any of your last ten passwords.
  5. If 20 failed attempts to log in to any user account occur within an hour, that account will be blocked from all College-supported electronic resources for the next hour, so that we can verify that no one is trying to gain unauthorized access to our network.

We appreciate your cooperation with this policy, which will help guarantee a safe computing environment for our campus community.  If you are having trouble thinking of a strong password you will find easy to remember, you could, for example, choose the first letters from each of the words in a book title. So, for instance, on the shelf above my desk is the book, The Structure and Dynamics of Networks, published in 2006. As a password this could be: TS&DoN06.

As a reminder, you should not share your Amherst College password with anyone, including anyone from IT (or representing themselves as from IT).  It is also best never to write down your passwords.  

*Additional security measures will apply to those who access the College’s central database, Colleague.