Password Policy

Fitchburg State University (hereafter referred to as “Fitchburg State”) utilizes passwords to provide secure access to a number of important electronic systems and applications. This policy establishes a standard for the creation, maintenance and usage of passwords within Fitchburg State systems.


Your “Falcon Key” account is a user ID and password that serves as the primary digital identity at Fitchburg State. It works in tandem with Fitchburg State’s Active Directory and LDAP (Lightweight Directory Access Protocol) to provide the foundation of authentication (who you are) and authorization (what you can do).

General Principles

Fitchburg State requires that the guidelines below are followed when accessing secure systems at the University. This applies to all personnel, students, business partners, contractors and consultants utilizing Fitchburg State electronic systems, regardless of their actual physical location:

  • Whenever possible, systems will rely on the University’s Active Directory system to integrate username/password information to maintain consistency and keep secondary authentication systems to a minimum.
  • Each user is responsible for maintaining the confidentiality of passwords that are used to gain access to University systems and services.
  • Passwords should not be shared with anyone, including assistants. All passwords are to be treated as sensitive, confidential information. It is permissible to share your password with Information Technology support personnel for troubleshooting purposes only and you should change your password immediately after the work is performed.
  • Passwords used to gain access to non-University systems or services should not be used as passwords to gain access to University systems or services.
  • If a password is compromised or believed to be compromised, users will inform the Help Desk and, if possible, changed immediately.
  • Passwords should not be written down or stored electronically without encryption.
  • Users should never attempt discovery of a system or another user’s passwords, either manually or utilizing an automatic password cracking system.

Password Composition and Restrictions

The following conventions shall be used whenever creating a password. The password shall:

  • Contain at least 8 characters but not more than 15.
  • Not be a word found in the dictionary.
  • Not contain the user's account name or parts of the user's full name that exceed two consecutive characters.
  • Contain characters from three of the following four categories:
    1. English uppercase characters (A through Z)
    2. English lowercase characters (a through z)
    3. Base 10 digits (0 through 9)
    4. Non-alphabetic characters (for example, !, $, #, %)
  • Be changed at least every 90 days, have five grace logins and will be expired thereafter.

Invalid username/password login attempts will be limited to five successive attempts and then the account will be locked for 30 minutes from any further attempts.

The six prior passwords will not be available for reuse.

Policy Violations


Applicable laws and Fitchburg State policy strictly prohibit the theft or other abuse of computing resources and information. Such prohibitions include, but are not limited to:

  • Unauthorized entry.
  • Use, transfer and tampering with unauthorized accounts and files.
  • Interference with the work of others and computing facilities.
  • The transmission of materials which pose a direct threat to safety, violate discrimination or harassment laws or policies, contain confidential information, or violate intellectual property laws.

Any suspected misuse should be reported to the Information Technology department via the Help Desk at Ext. 4500.

Disciplinary Action

Violations of this policy may result in restriction of access to Fitchburg State information technology resources, in addition to appropriate disciplinary action up to and including expulsion, discharge or dismissal.