Requirements for Secure Passwords Begin in Winter Quarter

As a next step in the ongoing information security program, the Division of Instructional & Information Technology (I&IT) will begin requiring secure BroncoPasswords this winter quarter. Faculty and staff members who haven't changed their passwords since Dec. 7 will be notified that they need to change them before Feb. 5.

Following an initial communication and as the deadline approaches, reminders will be sent to all faculty and staff who haven't made needed changes.

I&IT Vice President Debra Brum pointed out that secure password implementation is the latest project in her division's concerted efforts to increase security.

“Our IT Governance theme for 2006-07 was Information Security,” Brum said. “We appointed our first permanent information security officer, Al Arboleda, established secure password requirements for new employees and new students, enhanced the security of the campus network and discontinued the use of insecure protocols like telnet to access central services on the campus intranet.”

This year, the IT Governance Executive Committee accepted a recommendation from its Standards & Support Subcommittee to require secure passwords of all employees and students as soon as practical, Brum pointed out.

“Passwords are the key to personal information on faculty, staff and students that we all have a duty to protect,” Brum stated.

Many users have already taken advantage of a newly tested method of remembering their passwords by using pass phrases. An example that meets the new requirements is a phrase such as “All Broncos are great.” (Note: of course individuals must come up with her/his own version of a pass phrase – people should never use any phrase that's been widely advertised.)

The new password requirements are at least eight characters with at least three of the following four elements:

  • At least one capital letter              
  • At least one lower-case letter              
  • A number              
  • Special characters, such as  !@#$%.,<>^?[]{}&*()_-+=/\|:;~` or a space .  

Once all employees have selected secure passwords or pass phrases, students will be notified starting in May that they need to make the same change.

Cal Poly Pomona's homepage now has an easy link entitled “Change Your BroncoPassword,” which takes users to a newly upgraded self-service page called “My Control Panel.” Users may get assistance from the Cal Poly Pomona Help Desk by calling (909) 869-6776 or by visiting Building 1, room 100, Monday through Thursday from 7:30 a.m. to 9 p.m. and Friday, 8 a.m. to 5 p.m.

Users may also e-mail the Help Desk at Please note that BroncoNames, BroncoPasswords and other user-specific information cannot be provided via e-mail because of security concerns.

The new security requirements apply only to the BroncoPassword, which is used to access applications such as e-mail, BroncoDirect, Blackboard and the Data Warehouse. College or departmental services and access to outside, online services such as journals and banking have their own set of password requirements.

Along with changing passwords, users accessing My Control Panel can also change their network password (used for on-campus wireless and off-campus connectivity), send their university e-mail to an off-campus email service and filter spam.

For online information on e-mail and other centralized technology services, visit ehelp, I&IT's 24-hour self-help service at