Los Rios Password Policy
What is the password policy? All Los Rios employees and students logging into the Los Rios network (aka Active Directory) are required to create and use “strong” passwords. This password must satisfy a specific length and complexity requirement and must be changed every year.
Why 365 days? Research suggests that frequent mandatory password expiration may weaken password security. Users who know they will have to change their password frequently do not choose strong passwords and are more likely to write their passwords down. Users often choose the same password with small modifications to the beginning or end, thus once an attacker knows a password, they are often able to guess the user’s next password fairly easily. National Institute of Standards and Technology (NIST) emphasized that other aspects of password policies may have greater benefits than mandatory expiration, including requirements for password length and complexity.
Additionally, in order for our Information Technology department to efficiently manage, notify, and communicate expiring and expired passwords; staff and students should have the same password expiration timeline. Based on new research and the digital guidelines from the NIST, the Information Security Officers evaluated the risks and benefits of requiring less frequent mandatory passwords expiration and agreed that the benefits outweighed the risks.
When to change your password:
- If your current password is weak. The longer the password length the more secure it is. Consider using a paraphrase. (Example: Summerisfun4me.)
- If you have reason to believe your password has been stolen. Make sure you change it on all of your accounts where you use the same or a similar password.
- If you shared your password with a friend, co-worker, supervisor, or anyone.
- If you saw someone looking over your shoulder as you were typing your password.
- If you think you might have just given your password to a phishing email/website.
- If you just feel like it’s time for a change.
Regardless of why you are changing your password, choose a new password unrelated to the old one.
When will the District reset your password?
- When the District receives notification from a trusted third party that your password may have been compromised (e.g., FBI, Google, etc.).
- When the District suspects that your password may have been compromised (i.e., malware is discovered on your machine, identify theft reported, your account is sending out spam, etc.).
How to change your password:
- Via your PC: Click “ALT+CTRL+DELETE” and select “Change a password.”
- Via the website: Visit http://www.losrios.edu, click on the “Eservices” link on the left menu and then click on the “Change
- Go to http://www.losrios.edu/changepassword and follow the prompts to change your password. This link is found on the eServices login page and the Employee Self Service login page.
How to create a new password:
Los Rios Community College District Password Complexity Rules:
- Your password must contain
- at least 10 characters,
- an UPPERCASE letter,
- a lowercase letter, AND
- a number
- Your password cannot contain any part of your first or last name or your LRCCD ID number
- Your password cannot be the same as the previous 8 passwords used.
- 5 consecutive failed login attempts will lock your LRCCD account for 15 minutes.
If you have any additional questions about how to change or create a new password, please contact your campus Help Desk, or District Help Desk at (916) 568-3012.
 Federal Trade Commission: https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes; National Institute of Standards and Technology (NIST) SP 800