1. No common names or dictionary words. (A multi-word phrase with no spaces is acceptable).
2. Include at least one character from at least 3 of the following:
   - Include one uppercase letter
   - Include one lowercase letter
   - Include one number
   - Include one special character
3. Use one of these three length and additional requirements:
   - 10 characters minimum
   - 8 characters minimum and annual password reset/expiration
   - 8 characters minimum and a second authentication factor
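One way a server or application could enforce these complexity rules when a password is set, as an added example that is not part of the Harvard policy. The word list is a small constructed stand-in, the function and parameter names are hypothetical, and rule 1 is interpreted here as rejecting a password whose letters spell exactly one listed word.

```python
import re

# Constructed stand-in for a real dictionary / common-names list (assumption).
COMMON_WORDS = {"password", "harvard", "welcome", "michael", "dragon", "sunshine"}


def character_classes(pw: str) -> int:
    """Count how many of the four classes in rule 2 appear in the password."""
    return sum((
        any(c.isupper() for c in pw),      # uppercase letter
        any(c.islower() for c in pw),      # lowercase letter
        any(c.isdigit() for c in pw),      # number
        any(not c.isalnum() for c in pw),  # special character
    ))


def policy_violations(pw: str, *, annual_expiry: bool = False,
                      second_factor: bool = False, words=COMMON_WORDS) -> list:
    """Return the rules the candidate password breaks (empty list = compliant).

    annual_expiry / second_factor describe the account, not the password:
    either one lowers the minimum length from 10 to 8 (rule 3).
    """
    problems = []

    # Rule 1: strip digits and symbols so "Password1!" is still seen as the
    # single word "password"; a multi-word phrase will not match one entry.
    letters_only = re.sub(r"[^A-Za-z]", "", pw).lower()
    if letters_only in words:
        problems.append("dictionary word or common name")

    # Rule 2: at least 3 of the 4 character classes.
    if character_classes(pw) < 3:
        problems.append("fewer than 3 character classes")

    # Rule 3: 10 characters, or 8 with annual expiration or a second factor.
    needed = 8 if (annual_expiry or second_factor) else 10
    if len(pw) < needed:
        problems.append(f"shorter than {needed} characters")

    return problems


if __name__ == "__main__":
    # Constructed sample candidates.
    for candidate in ("Password1!", "DragonSunshine#7", "Tr4vel#x9"):
        print(candidate, policy_violations(candidate))
```

A check like this belongs on the server side of the password-set path, so that it cannot be bypassed by a modified client.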
SA4: Communications between servers or applications must be protected, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's use (e.g. IaaS, SaaS).
SA3: Communications between servers or applications and client machines must be protected, whether these servers are managed directly by Harvard or via contract with a third-party service provider for Harvard's use (e.g. IaaS, SaaS).
SA2: Servers and applications that manage passwords must force the setting of a complex password. This must meet the following requirements where technically feasible (consult the Security office if the following requirements are not technically feasible):...
SA1: Server operators must be able to identify a responsible party, known as the business application owner, for each application on the server and the data classification level of the information that the application stores and processes.