- home
- About
- District Board of Trustees
- policies
- 6Hx-18-6.05
Palm Beach State College Board Policy
Title: Password Management Policy
Policy Number: 6Hx-18-6.05
Legal Authority: F.S. 1001.64; F.S. 1001.65
Date Adopted/Amended: Adopted 8/8/2017; Amended 5/20/2025
Purpose
Passwords are the primary form of user authentication used to grant access to Palm Beach State College’s information systems. To ensure that passwords provide as much security as possible, they must be carefully created, used and protected.
Scope
The Password Policy applies to all information systems, information components, students and employees of Palm Beach State College, including all temporary or contract workers. For the purposes of this policy, a “user” is defined as any individual who has been granted access to the College’s information systems, including but not limited to employees, students, contractors, vendors, and guests.
Policy Statement
To protect the confidentiality, integrity, and availability of Palm Beach State College’s information systems, all users must adhere to the following password-related requirements. These standards are designed to ensure strong authentication practices, proper handling of credentials, and appropriate response to potential security threats.
1. All user-level and system-level passwords must conform to the Palm Beach State College Password Standard and Procedures.
- Passwords used to access Palm Beach State College systems are not to be used for other non-College access (for example, personal ISP account, option trading, benefits, and so on).
- Passwords associated with user accounts that have system-level privileges granted through group memberships or programs must have a unique password from all other accounts held by that user to access system-level privileges.
- Passwords are to be obscured during entry into information system login screens and are to be transmitted in an encrypted format.
2. Passwords are to be used and stored in a secure manner. As such, passwords are not to be written down or stored anywhere in your office.
- Passwords are not to be stored electronically in a file on a computer system or mobile devices (phone, tablet) without encryption.
- Passwords must not be inserted into email messages, or other forms of electronic communication.
- Passwords must not be revealed over the phone to anyone or on questionnaires or security forms.
- Passwords are not to be stored in the "Remember Password" feature of applications (for example, web browsers).
- User passwords are to be individually owned, known only by you, and must not be shared with anyone, including but not limited to, administrative assistants, secretaries, technicians, managers, co-workers, and family members.
- All passwords are to be treated as restricted and confidential College information.
3. Password cracking or guessing may be performed on a periodic or random basis by the Information Security Office or its delegates. If a password is guessed or cracked during one of these scans, the user will be required to change it to be in compliance with the Password Standard.
- Any user suspecting that his/her password may have been compromised must immediately report the incident to the Service Desk.
- The Information Technology department, under the direction of the Chief Information Officer and/or the Director of Information Security, reserves the authority to disable, lock, or limit access to any user account without notice if there is reason to believe the account has been compromised, is being misused, or poses a risk to College systems or data.
- The Information Security Office will verify compliance to this policy through various methods, including but not limited to, periodic walk-throughs, business tool reports, internal and external audits, and feedback to the policy owner.
4. Any exception to the policy must be approved by the Director of Information Security in advance and in writing.
An employee or student found to have violated this policy may be subject to disciplinary action, as per the College Board policy Grounds for Discipline and Termination of Employment (6Hx-18-5.44).