Password Management Policy

Policy:

Login user name ID/password at Umm Al Qura University should meet the following criteria:

1. 6 Be at least 6 characters in length.
2. Contain both upper and lowercase alphabetic characters (i.e. A-Z, a-z).
3. Have at least one numerical character (i.e. 0-9).
4. Furthermore, the operating system section advises the user to change the password every 60 days.

Operational Policies and Procedures:

Login username ID/password at Umm Al-Qura University should not include the following:

1. Spell a word or series of words that can be found in a dictionary.
2. Spell a word with a number added to the beginning and/or end of it (e.g. Muhammad1).
3. Be based on any personal information, such as user ID, family name, date of birth, etc.
4. A password must not be exchanged with anyone, including the staff of the Operating Systems Department at the Deanship of Information Technology, students, and academic members and employees. The staff of the Operating Systems Department of the Deanship of Information Technology can provide support to users without them having to disclose their passwords.
5. A password must not be written down or left in a place where it can be easily found. In cases where it is required to write it down, it must be kept in a secure location, and it should be properly erased when no longer needed.
6. Previous passwords must not be reused. If a user's account has been compromised, with or without a user's knowledge, reusing a previous password would allow it to be compromised again.
7. The same password must not be used for multiple accounts.
8. Using the same password for multiple accounts makes it easy to remember, but it may also have a sequential order that allows hackers to access multiple operating systems.
9. Automatic access should be avoided. Using the automatic access feature eliminates the importance of using a password.