Skip to Main Content
System owners must be able to identify individual users of systems that contain or access confidential information. Passwords used to access such systems must meet current industry standards for length and complexity. User passwords must not be shared and must not be retrievable by anyone, including the system operator.
The Harvard PIN system or LDAP Server are to be used for University applications that access confidential information unless a specific exception is made by the University CIO.
Business owners of systems have been identified and a bi-annual review of application access will happen on a rolling basis. If you have a system with High Risk Confidential Information and you are not currently working with HLS ITS on this process please contact Security(@law.harvard.edu).
HSL ITS has implemented the following password policy: A password must include three of the following 4 elements; Alpha character lower case, Alpha character upper case, Number or Symbol ( such as @, #, $, %, ^, &, *)
Q: Is it acceptable to share my password?
A: You should never share your password with anyone. This includes co-workers and family members.
Q: What constitutes a good password?
A: HLS ITS prefers the term ‘passphrase’. Please see Password FAQ for more information regarding the HLS passphrase policy and passphrase requirements.
Back to Top