Passwords are an important aspect of computer security. They are the front line of protection for user accounts. Passwords can preserve the confidentiality of password-protected data and are the sole property of account holders. As such, all California State University, Long Beach (CSULB) BeachID account holders, including contractors and vendors with access to CSULB systems, are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords. The Password Standard applies to all applications that access level 1 and/or level 2 data. This applies to all CSULB, Auxiliary organizations, and third-party vendor products used for University business.
The purpose of this standard is to communicate the composition of strong passwords, the protection of those passwords, and the frequency of change.
This standard applies to all individuals who have or are responsible for an account or any form of access that supports or requires a password on any CSU system, has access to the CSULB network, or stores any non-public CSULB information.
Passwords are used for various purposes at CSULB. Some of the more common uses include: user level accounts, email accounts, screen saver protection, and local router logins.
Passwords shall at least adhere to the following complexity guidelines:
To the extent that password complexity is supported by respective devices and/or systems, passwords should also:
Your password is to be treated as confidential information. To protect your confidential information, you should take the following measures:
The Password Standard at CSULB for all applications that access level 1 and/or level 2 data is NIST level 2 compliant. In addition to the composition rules defined above, the following criteria illustrate the NIST level 2 threshold settings.
All User Accounts
Password Minimum Length
Password Lifetime (in days)
Password Composition Rules
Number of Failed Authentications before Acct Lock
Account Lock Duration (in minutes)
NIST Password Threshold Level
figure 1: NIST Password Standard
Common Financial System
Oracle HCM (HR/SA) administrative system
BeachID/campus LDAP, AD-based systems
figure 2: Password Change Frequency