Umm Al-Qura University

Umm Al-Qura University

Password Management Policy

- 2019/04/09

Password Management Policy

This policy enables the creation and management of password credentials. A password is the key to access the various technical resources at the university; therefore, the process of controlling the creation of passwords provides a mechanism that ensures that only the persons authorized to use these resources are given access.


All users of technical resources at the university.


Building and developing e-systems that are fully integrated, internally and externally.

Automating all services and transactions.

Strategic Objective

Administering the password selection process.

Detailed Objective



Login user name ID/password at Umm Al Qura University should meet the following criteria:

  1. 6 Be at least 6 characters in length.
  2. Contain both upper and lowercase alphabetic characters (i.e. A-Z, a-z).
  3. Have at least one numerical character (i.e. 0-9).
  4. Furthermore, the operating system section advises the user to change the password every 60 days.

Operational Policies and Procedures:

Login username ID/password at Umm Al-Qura University should not include the following:

  1. Spell a word or series of words that can be found in a dictionary.
  2. Spell a word with a number added to the beginning and/or end of it (e.g. Muhammad1).
  3. Be based on any personal information, such as user ID, family name, date of birth, etc.
  4. A password must not be exchanged with anyone, including the staff of the Operating Systems Department at the Deanship of Information Technology, students, and academic members and employees. The staff of the Operating Systems Department of the Deanship of Information Technology can provide support to users without them having to disclose their passwords.
  5. A password must not be written down or left in a place where it can be easily found. In cases where it is required to write it down, it must be kept in a secure location, and it should be properly erased when no longer needed.
  6. Previous passwords must not be reused. If a user's account has been compromised, with or without a user's knowledge, reusing a previous password would allow it to be compromised again.
  7. The same password must not be used for multiple accounts.
  8. Using the same password for multiple accounts makes it easy to remember, but it may also have a sequential order that allows hackers to access multiple operating systems.
  9. Automatic access should be avoided. Using the automatic access feature eliminates the importance of using a password.