Guideline for Account Passwords

I. Purpose

The purpose of this document is to provide guidance on the creation and management of account passwords in order to protect university information resources and reduce the risk of compromised accounts. For more information on password requirements, please see the UNC Charlotte Standard for Account Passwords.

II. Scope

The guideline applies to all UNC Charlotte staff, faculty, students, associates, affiliates, contractors, volunteers, or visitors who have or are responsible for an account (or any form of access that supports or requires a password) on any system housing university information or that has access to the UNC Charlotte network.

III. Contacts

Direct any general questions about this guideline to your unit’s Information Security Liaison. If you have specific questions, please contact OneIT Information Security Compliance at ISCompliance-group@uncc.edu.

IV. Guidelines

Consider these recommendations when selecting a password:

  • Passwords should not contain your last name, first name, or email address.
  • Avoid using dictionary words in passwords.
  • Consider using a “passphrase” that is easy to remember, but substitute numbers or symbols for some letters to avoid dictionary words.

Follow these steps for keeping passwords secure:

  • Treat passwords as confidential information and do not share them with others.
  • Do not use passwords created to access University systems for non-University systems.
  • Do not use the same password for a privileged account that you use for your primary University account.
  • Do not use the “Remember Password” feature in browsers and applications.
  • Do not store passwords in a file unless the file is encrypted.
  • If you know or suspect your account or password has been compromised, report the incident to SecurityIncident-group@uncc.edu and change the password immediately.

Related Resources

ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.

Revision History

Initially approved by Information Assurance Committee 9/04/14
Updated 10/07/21