Falcon Account Password Policy

A unique Falcon Account username is assigned to every person who has a relationship with the University. Together with a password, this forms the Falcon Account credential that is the institutionally managed credential used for access to IT resources (for example: e-mail, calendar, D2L, student records, office workstations, lab computers). Each person must choose a password for their Falcon Account that meets the following minimum requirements: 

  • At least eight characters in length
  • Contains at least one character from three of the following categories:
    o  Lowercase letter (a-z)
    o  Uppercase letter (A-Z)
    o  Digit (0-9)
    o  Printable special character (for example:!@$,.)
  • Does not contain the Falcon Account username, or parts of the user's full name that exceed two consecutive characters, or derivatives (for example: spelling last name backwards)
  • Does not contain a word found in a dictionary
  • Must not be the same as any previous password
  • Must not be similar to any previous password (for example: adding a number or letter)

Protect your Falcon Account password just as you would a credit card:

  • Do not share your Falcon Account password with anyone.
  • Do not write down your Falcon Account password unless it can be stored securely. Encryption in an electronic form (PDA, smart cell phone, software on your computer) is best but this is not always feasible. A password written down on a small piece of paper and stored in your wallet is acceptable. This same piece of paper taped to the bottom of your keyboard - even if it does not list your Falcon Account - is not acceptable.
  • Do not use your Falcon Account password on accounts other than your Falcon Account. This prohibits use on derivative accounts as well as other Internet accounts you might create.
  • Application administrators must not encourage use of the password associated with a Falcon Account in combination with any other identifier, such as a local application credential or an off-site account.
  • Computer systems and applications must not store the password that is associated with a Falcon Account unless it is stored in an encrypted secure manner approved by the Division of Technology Services (DoTS).

You are required to change your Falcon password at least once a year, but you may choose to change it more frequently. The Division of Technology Services (DoTS) will provide notification prior to password expiration. Once your password has expired, you will be required to change your password before accessing any IT service. This policy establishes the minimum requirements for a Falcon Account password. Individuals whose job duties require access to sensitive data or enhanced access rights will have stricter password requirements as outlined in the procedures document. DoTS will provide a secure process for resetting a forgotten password.

Authority:

The UW-River Falls Chancellor issues this policy in accordance with the Administrative Policy process. The Division of Technology Services is responsible for the administration of this policy. Request an exception to this policy from the Division of Technology Services (DoTS) web site (http://www.uwrf.edu/dots/).

Other University departments and groups cannot create local policies or procedures that reduce the requirements stated in this policy. They may make stricter requirements if desired (for example, requiring all department employees to change their password every 30 days). If there is a conflict, this policy takes precedence.

Sanctions and Appeals Process:

Failure to adhere to the provisions of this policy may result in appropriate disciplinary action as provided under existing procedures applicable to students, faculty, and staff, and/or civil or criminal prosecution.