Note: ISS stands for Information Security Standard.
This document defines minimum standards and recommendations for the creation and use of passwords and passphrases for all BCIT staff, faculty, students, alumni, retirees, and contractors.
Passwords/Passphrases must have a minimum of 15 characters and include at least:
In addition to the complexity standards above, passwords in any PCI Card Data Environment:
Due to the increased power of password cracking technologies, BCIT recommends using passphrases with a minimum of 16 characters where systems allow. Consider using a phrase of disconnected words that you can picture in your head.
To create a complex password when a passphrase is not an option, consider using the first letter of each word in a phrase. For example, “I used to bake 15 chocolate layer cakes in a day!” becomes “Iutb15clciad!”.
Your password/passphrase should be easy for you to remember but hard for others to guess or crack.
Ways to keep your password/passphrase safe:
On devices such as smartphones and tablets with touch-screen interfaces it might not be practical to use a long and strong password/passphrase. Instead, a numeric password/PIN (minimum 5 characters) may be used.
Biometric access controls such as fingerprint readers and facial recognition are acceptable alternatives to passphrases/passwords/PINs.
Remember:
BCIT IT Services will never ask for your password by email.
Users must immediately report all compromised account incidents to: BCIT IT Services @ BCIT IT Service Desk (ITS) Information Technology Services
Tel: 604-412-7444 (Option 1), 1-800-351-5533 (Option 2), Email: ITShelp@bcit.ca