User Authentication Policy


Purpose:

The purpose of this authentication policy is to establish guidelines and procedures for ensuring secure access to the Learning Management System (LMS) while protecting sensitive information and maintaining user privacy.

Scope:

This policy applies to all users, including students, faculty, staff, administrators, and any other individuals granted access to the LMS.

Policy Statements:

User Identification and Authentication:

User Identification: Each user accessing the LMS must have a unique user account tied identity within our LMS.

Authentication Methods:

1.     Users will authenticate themselves using a combination of username and strong password during registration. 

2.     Additionally, each user account must be connected to a valid email address in order to be activated.  An email will be sent to your account for verification upon registration.

Password Management:

Password Complexity: Passwords must meet minimum complexity requirements, including a mix of alphanumeric characters, and special symbols, with a minimum length of eight characters.

Password Expiry and Change: It is considered best practice to change passwords periodically, with a recommended interval of every 90 days. Users will be prompted to change their password upon first login and then periodically thereafter.

Password Storage: Passwords must be stored securely using industry-standard encryption methods. Plain text storage of passwords is strictly prohibited.

Timelines: The LMS will maintain timelines of user activities, including login attempts, changes to access permissions, and other relevant events. Logs will be regularly reviewed for suspicious activities or policy violations.

Review and Revision:

This authentication policy will be reviewed annually by the PD team and updated as necessary to address emerging threats, technological advancements, or changes in regulatory requirements.