Menu

Rules for using passwords

General rules

Here are some simple rules for using passwords valid for University of Turin portal community users and those uploading data via the portal applications:

  • the above-mentioned users are aware that they must keep their authentication credentials for access to services confidential and store them with the utmost care and diligence (like an ATM PIN code) and must never share or give them to other users even at different times
  • users should change their passwords regularly and use different passwords to access different portals and social networks
  • passwords must be made up of at least eight characters or the maximum number of characters allowed by the chosen electronic device.
  • passwords must not contain references that can be easily traced back to the person concerned (e.g. their name or family names, tax code, social security number, date of birth, phone number, etc.). Users should use a mix of upper and lower case letters, numbers and punctuation and special characters (e.g. ! $ # or %) in the body of the password.
  • users are directly responsible for any operation carried out using their passwords. In fact, the user also assumes sole responsibility for their activities while using University services whereby absolving the University of Turin from any claim, demand or threat relating to or arising from the use or abuse of his/her using said services.
  • passwords must be changed every three to six months and users must notify the University of Turin immediately of any unauthorised use of his/her user identification (username) and password or any other breach of security if he/she becomes aware.

The University does not ask its users for passwords to be checked by e-mail. Users must take special care in order to avoid phishing (Internet scam where an attacker tries to trick the victim into providing personal information - Source: Wikipedia).

Additional rules for data entry users

These users are aware that they are directly responsible for activity carried out by means of their passwords and that they are bound to secrecy regarding their work processes, and that they cannot divulge or communicate any information externally concerning administration and production methods, or use it in such a way as to cause damage or harm, nor can they, unless specifically authorised in writing by the person in charge, extract a copy of the database or part of it.