UMassD Logon Account Standards

The university owns all IT accounts, including UMassD Logons.  These accounts are created and provisioned to users for the purposes of accessing university IT resources, such as email, file storage, and the campus wired and wireless network.

All users have a responsibility to protect the university accounts under their care. Protection of these accounts may vary according to the risk that they present. Accounts with enhanced elevated privileges may have additional requirements.

At a minimum, all IT accounts must adhere to the following: 

Password Complexity

Accounts requiring passwords must, at a minimum, adhere to these password complexity requirements:

Your password must contain characters from three categories:

  1. English uppercase characters (A through Z)
  2. English lowercase characters (a through z)
  3. A number (0 through 9)

Your password must adhere to the following rules:

  1. Must be a minimum of 10 characters
  2. Must not contain the user's account name or parts of the user's full name that exceed two consecutive characters
  3. Must not contain simple words such as "P@ssword" or other commonly used password variants
  4. Cannot be reused, as the system retains a password history

Passwords can be more complex than these requirements to further reduce risk or comply with specific compliance requirements.

Protect Your Password

To better protect your information and that of others whose records you may have access to, please observe the following:

  • Know your password; do not save/store it or write it down.
  • Keep your password private; do not share your access with anyone.
  • Create passwords that cannot be guessed by those who know information about you.
  • Do not use security questions/answers that can be guessed by those who know information about you.

CITS reminds you that email messages requesting that you provide personal or sensitive information including a username and password are never valid requests.

Credential Sharing

The university assigns individual UMassD Logon accounts to eligible members (see UMassD Logon Account Eligibility Policy) of the UMass Dartmouth community. The UMass Dartmouth Information Security Policy explicitly prohibits the sharing of individual account credentials. Sharing account credentials, such as passwords, with others potentially puts your personal information, institutional information and research data at risk, and make it vulnerable to misuse.

Passwords must not be transmitted by insecure methods, such as email, chat, etc. Note that the UMass Dartmouth CITS will never ask for your account information via email.

Password Re-Use

Do not use your IT Account password for other non-UMassD services (e.g., bank account, social media, online shopping, non-UMassD email address). It is recommended that you use unique passwords for all your different accounts. If your password is compromised, all the accounts using the password are potentially at risk.

Password Changes

If you suspect that your UMassD Logon account password has been stolen or compromised, change all your password immediately. For information on changing your IT account password see Manage my Account.

Multi-factor Authentication (MFA)

Several UMass IT systems require the use of multi-factor authentication (MFA) as additional layer of protection. MFA is a two-step authentication process with something you know (password), and something you have (mobile device, office phone, or key fob).

Additionally, users whose account has been compromised as a result of responding to phishing emails or other forms of malicious activity, will be required to use MFA to manage their account (e.g. reset password, update security questions).

About the UMassD Logon Username

The UMassD Logon must preserve the uniqueness of each member of the UMass Dartmouth community. Therefore, once an individual is provided with a UMassD Logon (username), that logon can never change.

When someone has a name change or a status change (i.e., from student to employee), the UMassD Logon cannot change to reflect this. However, you may request an email name change (an "alias") to represent this change to email senders and receivers.

A change in the UMassD Logon (username) creates a new account without any contents.

Related Policies