Purpose
This document is to assist University users in establishing and maintaining secure usernames and accounts. It specifies the details as referred to by policies:
- 8000 Information Technology Resource Use
- 8020 Server Administration
- 8030 Desktop, Laptop, and Tablet PC Computing Standards
- 8130 Remote Access
Scope
These standards apply to all users and devices, physical or virtual, connected to Boise State’s network or managed cloud services through a physical, wireless, or virtual private network.
Standards
Unique usernames and passwords are required to access all systems for each session. Active Directory is the source of truth for all username and passwords. If a system is not capable of being linked to the university password and account system an exception should be sought and reviewed.
Usernames should be:
- Generated by the university identity system of record
- Composition – Usernames are based on first and last name. Any duplicates will append 3 random numbers.
- Length – Usernames will be shorter than 20 characters. Long usernames will be truncated to 16 characters and any duplicates will append random numbers.
Users are permitted to request changes to their username. Instructions and limitation can be found on the OIT Accounts webpage.
Accounts, passwords and access will be removed after inactivity.
Non-Compliance and Exceptions
A Request for Exception, along with a plan for risk assessment and management, can be submitted at Help Desk Self Service. Non-compliance with these standards may result in revocation of access, notification of supervisors, and reporting to Human Resources and or the Dean of Students.
Updates
Created: November 2021
Last Update: November 2021
Next Review: February 2025