Changes to UCD's Password Protection Policy
Tuesday, 1 October, 2024
The University has approved a number of changes to UCD's Password Protection Policy which impacts all UCD IT account holders and application owners. Please ensure that you are familiar with this policy.
What’s new?
The policy now clearly outlines the roles and responsibilities of users and application owners, it is your responsibility to ensure you are familiar with these. The key changes are outlined below:
- University accounts must use multi-factor authentication where supported
- Passwords that have been used elsewhere on a UCD or non-UCD application are now defined as weak
- Privileged account passwords must now also conform to standards of a strong password and have no characteristics of a weak password
Responsibilities for application owners have been expanded to include:
- University applications containing personal data or confidential university information should authenticate users using UCD’s supported SSO service where feasible.
- User accounts must be configured to lockout for a duration after consecutive unsuccessful login attempts.
- University applications must prevent password reuse where feasible.
- While the use of generic accounts is not recommended, if used, passwords for generic accounts must be unique, rotated frequently and stored securely and only accessible to those who need it.
These enhancements will significantly strengthen our password protection measures and contribute to the overall security posture of UCD. For help on creating strong passwords, please see the IT Support Hub article on creating (opens in a new window)Strong Passwords.
If you suspect your password has been compromised, please report the incident to the IT Helpdesk at www.ucd.ie/ithelp and (opens in a new window)change all related passwords immediately.
View the UCD Password protection policy
UCD IT Services
Computer Centre, University College Dublin, Belfield, Dublin 4, Ireland.Contact us via the UCD IT Support Hub: www.ucd.ie/ithelp