RE: Account & Password Security
March 28, 2018

Post

Dear Colleagues,

In light of the continuous onslaught of new and improved internet scams as well as an increased focus on federal and state compliance, IITS would like to remind everyone to keep their user account information confidential. The password to an account is the key that protects privileged and personal information.

In support of board policy, federal, state, and local laws, LBCCD Administrative Regulation 6006 specifically prohibits the sharing of user accounts and passwords. No one, not even IITS, should ask for your password.

Several federal and state laws, such as FERPA and the Gramm-Leach-Bliley Act (GLBA), specifically prohibit passwords from being shared. As such, this policy applies not only to staff and faculty accounts but to student, volunteer, and third-party vendor accounts as well.

In addition to common financial repercussions associated with comprised accounts, consider the following.

  • Computer activity is logged, which means that if someone uses your account unethically, it can be traced back to you.
  • If an account is used to perform a fraudulent or malicious act and you have knowingly given or accepted access to that account, you can be held liable.
  • A person that has your password has access to your personal/ work related files, can modify your data, and can send emails in your name.

In order for IITS to respond appropriately (by blocking emails, reiterating policy, etc.) please contact the IITS Help Desk if any of the following occurs.

  • You receive an email, phone call, on in-person request asking for your password.
  • A person offers you their password.
  • You see an account and password posted in plain view (this is a direct violation of a clean desk policy described in Administrative Regulation 5011).

Thank you for helping to keep your account information and the account information of others confidential.