U4: Passwords used on all systems for Harvard business should be of sufficient length and complexity to reasonably protect them from being guessed by humans or computers. Further, users must leverage multi-factor authentication (two-step verification) wherever supported. (Harvard systems behind HarvardKey authentication will meet our length, complexity, and multi-factor standards.)
Server operators must not knowingly set up accounts that will be shared by multiple users unless there is a process by which the individual users can be identified. The use of “sudo” or “runas” meets this how-to.