User Identifiers (User-ids)
Background
For security reasons, Antioch University (AU) aims to configure all of its electronic resources to require a User-id and password for access and to prevent anonymous access to those resources. Everyone who uses the information technology resources at AU will therefore be required to sign on using a User Identifier (User-id) assigned by AU. The User-id is used in conjunction with a password that is set by and known only to the user. With some software applications a person’s User-id cannot be protected from disclosure, and therefore the User-id should be classified as FERPA Directory Information.
User-id Requirements
The User-id must meet the following criteria:
- It must be unique to the person it is issued to and no one should have more than one active User-id.
- Once a User-id has been issued it will never be re-used even if the person who has been issued the User-id leaves the University or is issued a new User-id.
- The User-id will be considered Directory Information under FERPA. The User-id by itself is not enough to gain access to any IT resources; it must be used in conjunction with a password known only to the person who has been issued the User-id.
- The User-id will be used for logging on to all IT systems and resources. Some IT systems limit a User-id to 8 characters and do not allow special characters. To ensure that it can be used on all systems, Antioch’s User-id will therefore be a maximum of 8 characters long and will not contain special characters.
User-id Format
For all students and employees a person’s User-id will be their Datatel number. A person will not have a valid User-id until they have been entered into Datatel.
There may be occasions when individuals or groups need access to AU IT resources but where the individuals have no permanent or long-term affiliation with the university. User-ids will be provided on a case-by-case basis for these individuals or groups with no fee assessed; however, these individuals or groups must be sponsored by a full-time AU employee and the sponsorship supported by that employee's Department Head. A User-id for individuals or groups must be requested on the appropriate forms provided by IT. For authentication purposes, the date of birth (DOB) and last four digits of social security number (SSN) will be required for each person needing a User-id. Once completed, the form should be forwarded to the Help desk.
Passwords
Passwords are to be used in conjunction with a person’s User-id to access Antioch’s IT resources. The User-id is directory information and may be known by others but the password is private and should be known only to the user. It is the person’s responsibility to keep his or her password confidential.
An initial password will be issued when a User-id is first assigned. The user will be forced to change this password when it is first used. A new password will also be issued if a person forgets their password. A new password may be obtained from the help desk or through other automated procedures that may be established. New passwords will be issued only to the owner of the relevant User-id and only after the person requesting the password has adequately established their identity. New passwords issued by the Helpdesk must be changed the first time they are used.
Acceptable Passwords
- Passwords must be at least eight characters long.
- Passwords must contain a combination of lower and upper case alphabetic characters and numbers. Passwords are case sensitive, so "password" is not the same as "PASSWORD".
- Passwords may not contain the person’s name or their User-id. When a password is reset, it must not duplicate the previous password. Passwords cannot be reused within one year.
Password Protection
- Do not share passwords except in emergency circumstances or when there is an overriding operational necessity. Change your password immediately after sharing.
- Do not leave passwords in a location accessible to others.
- If you suspect your password has been stolen ("cracked"), change it immediately.
- Where possible, a security action will be taken after five unsuccessful login attempts. The security action will typically be to lock out the account so that the person must get a new password.
- Passwords must be changed at least once every six months.
Email Addresses and Aliases
Background
In the past there was no consistency in how Email addresses were assigned at Antioch; they were spread across at least 7 different domains and the formatting of the addresses was handled independently by each campus. In 2008 we issued everyone at AU a new primary Email address based on a single domain (antioch.edu) and using a consistent format. In future all new Email addresses will be created automatically by the Identity Management System (Idm) using this same format.
People who had been assigned Email addresses that did not conform to the new format will keep these old Email addresses as aliases for an extended transition period so that any Email sent to the older Email addresses will continue to be delivered.
Scope
Existing users will have new Email addresses assigned as their primary Email address. Where possible, existing Email addresses will be kept as aliases for an extended transition period so that Emails sent to the old Email addresses will continue to be delivered. However, when new business cards are issued or literature that refers to Email addresses is reprinted, they should refer to the new primary Email addresses that have been assigned.
All Email addresses will be based on the antioch.edu domain. The only exceptions will be WYSO whose email addresses will be based on wyso.org and Glenn Helen whose Email addresses will be based on glennhelen.org.
New Email Format
A person’s Email address will generally be the first letter of their legal first name concatenated with their legal last name followed by @antioch.edu. If this algorithm would result in two identical Email addresses then sequential numbers will be added to the second and subsequent Email addresses to distinguish them. If a person has a hyphenated last name then only the part of the last name before the hyphen will be used.
Examples:
- Email address for Frank McKenna will be fmckenna@antioch.edu
- Email address for Fred McKenzie will be fmckenzie@antioch.edu
- Florence McKenzie will have an Email of fmckenzie2@antioch.edu
- Bill Wallace (legal first name is William) will have an Email of wwallace@antioch.edu
- Jane Symour-Smith will have an Email of jsymour@antioch.edu
- If jsmith9 has already been assigned then John Smith will have an Email of jsmith10@antioch.edu
Some Email addresses and their associated Email accounts are not associated with individuals but rather with Antioch organizational units (e.g. the Registrar's Office at New England). These Email addresses will also be based on the antioch.edu domain (except for WYSO and Glenn Helen) and will in general follow the format office_name.campus_acronym@antioch.edu. The campus acronyms will be ANE for New England, AUM for McGregor, AUS for Seattle, AUSB for Santa Barbara, and AULA for Los Angeles.
Examples:
- Registrars at New England will be registrar.ane@antioch.edu
- Admissions at Los Angeles will be admissions.aula@antioch.edu
Email Address Creation and Maintenance
- Email addresses will be created at the same time that users are entered into Datatel and their User-ids are created. The name information required to create the Email addresses will be the person’s name information stored in Datatel.
- Email addresses and accounts not assigned to an individual will be manually created and should be requested through the Helpdesk at least 48 hours prior to the time they are required for use. Examples would include Email addresses for campus Registrars offices, Admission offices, etc.
Effective Dates
The effective dates for these procedures will vary:
- The effective date for the password rules will be dependent on the implementation of the Identity Management System. This is expected to be in the second half of 2009.
- The effective date for disallowing anonymous access to AU IT resources will be dependent on implementation of Network Access Control which is expected in the first half of 2010.
- All other items are currently effective or will be in effect by end of June 2009.