2. All users are responsible for protecting their Harvard passwords and other access credentials from unauthorized use.

Different Passwords

U3: Different passwords must be used for Harvard and non-Harvard accounts.

No Shared Passwords

U1: Users’ passwords and other access credentials must never be shared.

Protect Passwords

U2: All passwords and other access credentials must be protected.

Strong Passwords

U4: Passwords used on all systems for Harvard business should be of sufficient length and complexity to reasonably protect them from being guessed by humans or computers. (Most Harvard systems enforce length and complexity standards.)

Complex passwords

SA2: Servers and applications that manage passwords must force the setting of a complex password. The password must meet the following requirements where technically feasible (consult the Security office if the following requirements are not technically feasible):

Malware detection

SA10: Servers must be running applicable malware detection software with up-to-date signature files.

Stored passwords

SA7: Systems that manage user passwords must be designed in such a way that the passwords are not retrievable by administrators.