Passwords

Policy 14.7
Approved by: President
Responsible Officer: CHIEF INFORMATION OFFICER
Responsible Office: INFORMATION TECHNOLOGY SERVICES
Originally Issued: 06/30/2025
Last Revision: NEW
Category: TECHNOLOGY
Related Policy
SD BOR 7.1 Acceptable Use of Information Technology Systems

SD BOR 7.4 Security of Information Systems

  1. Reason for Policy

    This policy sets guidelines for creating, using, and managing passwords at the University. Using strong passwords is essential to keep the University's information and data safe from unauthorized access and cyber threats.

    This policy is for anyone who has access to the University's systems and/or data. This includes faculty, staff, students, contractors, and third-party vendors. It covers all types of accounts that need passwords, such as user accounts, system accounts, and administrative accounts.

  2. Definitions

    1. CIO (Chief Information Officer): Campus Chief Information Officer is the department head for the DSU (Dakota State University) technology department.
    2. ITS. Information Technology Services. The official technology department for Dakota State University and subsumed departments.
    3. Password Expiry: A security control that requires some accounts to change passwords after a specified period.
    4. Users/End Users/System Users. Refers to the individuals or entities that interact with and utilize an information system or application to perform tasks, access data, or consume services.
  3. Statement of Policy

    1. Password Establishment. End users shall be responsible for creating and maintaining passwords that meet the requirements of this policy.
    2. Password Requirements for Users, Service and System Accounts
      1. Password Composition
        1. Default passwords must be changed.
        2. Passwords must be at least 20 characters long.
        3. Passwords must not include any part of the user's username, full name, or any references to the University or the user’s position.
        4. Passwords shall be unique and cannot be reused.
    3. Password Expiry
      1. Password Expiry for Users: End user passwords do not expire.
      2. Password Expiry for Service and System User Accounts: All system-level passwords (e.g., root, service, application/system accounts, etc.) must be changed at least every 120 days.
    4. Password Management
      1. Passwords must not be stored or transmitted in plain text or using insecure methods, such as email or unencrypted files, or stored on unmanaged, personal devices.
      2. Users shall not share their passwords with other DSU employees, students, or any other individuals.
      3. Users must not use their DSU email address or password as credentials for accessing non-DSU related services (e.g., online banking, social media, or any other third-party websites or services).
      4. If a password has been shared or an account has been compromised, the user shall report the incident to ITS and the password must be changed immediately.
      5. Users may use a password manager to store and access passwords securely.
    5. Single Sign-On:
      1. To simplify and strengthen access management for its systems and applications, the University shall implement a single sign-on (SSO) solution, which enables users to authenticate with a single set of credentials, reducing the need for multiple passwords and enhancing the user experience.
      2. The SSO solution shall integrate with the University's identity and access management system.
      3. The SSO implementation shall adhere to best practices for secure configuration, session management, and regular security reviews to mitigate risks associated with centralized authentication.
      4. ITS shall, to the extent possible, ensure that all legacy systems, as well as new systems developed in-house or acquired off the shelf, support Single Sign-On (SSO) authentication.
    6. Enforcement: Users found in violation of this policy may be denied access to the DSU network. DSU will immediately disable and reset the password for any DSU user whose password has been shared with others, or where reasonable evidence exists that it may have been shared.

    Exclusions

    N/A

    Exceptions

    Exceptions to this policy shall be reviewed and approved by the CIO.

  4. Procedures (Major)

    1. End-Users. Navigate to the DSU Account Management site to set up or modify your password.
  5. Related Documents, Forms, and Tools

    DSU Account Management

    NIST SP 800-63 Rev 3

  6. Policy History

    Adopted: 06/30/2025