Security policy is a definition that determines how secure a system, an organization or other unit is.
Security policy of Computer Science Department is in progress. The following documents were given in the council of Department for approval
Password policy
The password policy applied at 11/03/2013 and you can find more information here.
Specifically, to consider that a password meets the conditions of password policy and can be admissible by the systems must much the followings:
- the number of password characters must be at least 8
- password must much with three of the four categories below:
- uppercase characters
- lowercase characters
- numbers (0-9)
- non-alphanumeric characters, anything of the following ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/
- the new password must not contains the username
About department students (undergraduate, postgraduate and phd) their password expires every 90 days from the last time they asked to change it.
Additional checks
Using Linux platform for password change (passwd command) additional checks are applied. Some of them are:
- The password should not contain a part of the username
- The password should not be a dictionary word
- The password should not be a regression phrase or word like ΑΝΝΑ
- The password should not be like the previous with small changes on letters and caps
- The password should not be contain repeated characters (e.g. aaaaa11111) and cannot contain string that is contained on the previous password.
Passwd command is planned to be abandon in the near future, but for now keep in mind that apply the additional checks mention above.