Passwords

Having a strong password is increasingly important. Weak passwords can be guessed using free software available online, allowing unauthorized access that can result in identity crimes, extortion, or damage to reputation through the disclosure of sensitive or private information (yours and RIT's). Choosing a strong password is one of the most important things you can do to protect yourself online. 

Scope

This standard applies to RIT account passwords/passphrases.

Requirements

Passwords for the accounts of users and administrators on RIT computing and networked resources are required to meet the requirements below to the maximum extent allowed by the device or application:

  1. Passwords should be at least 12 characters long. A longer passphrase is preferred. (A passphrase is a sequence of words or other text.)
  2. Passwords should meet guidelines for strong passwords. See Creating Strong Passwords for guidance on how to come up with strong passwords.
  3. The user or administrator is the sole custodian of the password and should protect the password at all times.
  4. Passwords should not be shared unless used for a documented and approved shared account.
  5. Passwords used for RIT accounts shall not be used with non-RIT accounts.
  6. Passwords should be physically secured if written down and should be encrypted if stored or transmitted digitally.
  7. Passwords should be changed immediately when:
    • The password is a default or temporary password created by someone other than the user. This includes generic, vendor-supplied, and help/service desk default passwords.
    • The password, or a system, service or application storing, processing or transmitting the password, is suspected to have been shared or compromised.
    • For shared accounts, when the roles or responsibilities of any of the users are changed.
  8. Passwords should not be reused for the next 6 password changes.
  9. Passwords should be utilized together with additional authentication controls, such as multi-factor authentication, when available.
  10. We encourage the use of robust alternative authentication methods, such as certificate-based authentication. Alternative authentication methods require a security review.

RIT Computer Accounts

To change the password for your RIT Computer Account, visit http://start.rit.edu. Please contact the RIT Service Center at 585-475-5000 or help.rit.edu if you've forgotten your password or it is not working.

NOTE: These are minimum standards. Please review our password advice by visiting Creating Strong Passwords!

Effective Date: June 1, 2021

Standard History: June 21, 2004

RIT Password Standard