General Information Password management is done through the SMUMN Portal. To ensure passwords do not get out of sync (Portals, Canvas, Active Directory, and Google Workspace), Saint Mary’s has ONLY implemented the password change settings via the Portal, which is the main way users access the system. This protocol ensures that when users change their passwords, it gets updated in all other places as well.
The Portal becomes locked out after five bad attempts and automatically unlocks after 10 minutes.
Active Directory accounts are set to lockout after 10 attempts and unlocks after 10 minutes. Active Directory accounts that are not in the portal (ex: contractor/vendors) do not have access to the portal so their passwords are set to expire annually.
Saint Mary’s University uses the National Institute of Standards and Technology (NIST) for best practice guidelines.
1. Passwords must be 15 characters in length. Special characters, numbers and upper/lower case characters are not required.
2. Passwords will expire every 365 days.
3. When changing a password, the user must not change it to the most recent password.
4. Passwords are to be used and stored in a secure manner. Passwords are not to be written down or stored electronically. Passwords are to be obscured during entry into information system login screens and are to be transmitted in an encrypted format.
5. Passwords are to be individually owned and kept confidential, and are not to be shared under any circumstances.
Alleged violations of this policy will be investigated by the employee’s supervisor, in coordination with the assistant vice president of human resources or their designee. The assistant vice president for information technology or their designee will assist with investigations, as appropriate.
Violation of this policy will be handled according to established procedures in the Saint Mary’s Employee Handbook, under the Work Rules and Conduct Standards and the Corrective Action sections. The university supports the theory of corrective action and retains discretion to take action that is appropriate to the particular circumstances. Violations of rules or policies may result in corrective measures that, depending upon the circumstances and at the discretion of the university, may include verbal or written warnings, suspension (with or without pay), or immediate discharge. These corrective measures do not constitute an exclusive list of possible action and may be repeated, skipped or taken out of order.
Sanctions for non-compliance may include legal action according to applicable laws and contractual agreements.
For questions regarding your password please contact the IT HelpDesk at 507-457-7800.