Security is an issue that is shared by each employee. All OSU employees are required to follow OSU password guidelines and to keep this information secured at all times. This information should not be shared with anyone at any time.

1. Passwords are not to be displayed or concealed on your workspace.
   
   
2. No passwords are to be spoken, written, e-mailed, hinted at, shared, or in any way known to anyone other than the user authorized to use that password. Supervisors may only obtain access through Provost approval.
   
   
3. No passwords are to be shared in order to “cover” for someone out of the office.
   
   
4. Passwords are not to be your name, address, date of birth, username, nickname, or any term that could easily be guessed by someone who is familiar with you. Use the following specifications:
1. Contain at least 1 uppercase letter
2. Contain at least 1 lowercase letter
3. Contain at least 1 number
4. Be 8 – 16 characters long
5. Not contain dictionary words
6. Not contain special characters or spaces
7. Not be one of the last 4 passwords used
   
   
5. Passwords within EMR and MegaWest are set to expire every 45 days.
   
   
6. Each employee, whether new or temporary, is assigned a unique and temporary password.
   
   
7. Each employee is limited to 3 log in attempts within MegaWest before the account is temporarily locked for 30 minutes to prevent unauthorized access.
   
   
8. User accounts are promptly disabled upon termination or resignation. See Termination Procedures policy for further details.

• Termination Procedures

Each individual has the responsibility for creating and securing an acceptable password per this procedure. Passwords are not to be displayed or concealed within your workspace.

1. The password must be at least seven characters in length.



2. The password must be a non-dictionary word.



3. The password must contain characters from three of the following four categories:
1. English upper case characters (A-Z)
2. English Lower case characters (a…z)
3. Base 10 digits (0-9)
4. Nonalphanumeric (For example,!,$,#,%)
   
   
4. The password must be significantly different from previous passwords.



5. The password must not contain all or part of the userid.



6. The password must not start or end with the initials of the person issued the userid.



7. The password must not include the first, middle, or last name of the person issued the userid.



8. The password must not be information easily obtainable about an individual. This includes license plate, social security, telephone numbers, or street address.

Password Expiration: Passwords should be changed whenever there is a belief that the password has been compromised. All newly activated userids are assigned a temporary password, which must be changed at the first use. Passwords will expire on a 120-day cycle.

1. SWC employees shall follow the OSU guidelines for creating and implementing individual passwords. The employee shall be informed of these guidelines at the time of employment or introduction to the PM system.



2. Passwords with the PM system are set to expire at predetermined intervals not to exceed a 120 day cycle.



3. A password shall be terminated when there is a belief that the password has been compromised or upon termination of the employee.