Account and Password Requirements

Requirements and procedures are in support of governing Columbia University IT Policies and CUIMC Information Security Procedures.

Accounts used at CUIMC—including email—must be kept secure to protect the information that they access. Practices such as sharing an account, using a weak or easy to guess password, writing down usernames and passwords, or neglecting to notify the system administrator(s) of an account no longer being used are examples of improper security that can easily lead to the release of sensitive, confidential or internal information.

Violating account and password use requirements can result in suspension of the account and access to institutional resources including the wired and wireless networks. Some incidents may also result in the need to report to University and federal authorities for academic, occupational and legal discipline and penalties.


The following apply for all University accounts.
NOTE: Most requirements can be found in Section III B of the Information Resource Access Control and Log Management policy text.

Additional Guidelines

If you have a login for a system, especially one that can access sensitive data, you should expect that the access can be tracked and that you can be held responsible for policies violated under your account if someone else is able to log with your account’s credentials.

Related Information

CUIMC Accounts

See the list of CUIMC Applications and Access for common systems used at CUIMC.

Overlap of Account IDs

There are instances where the same account ID or username provides access to one resource but not another. This is often done for the user’s convenience, but it is important to be aware that the same ID will not necessarily provide access to the same resources that a colleague may have.

It is also important to know that an account password for one ID will not automatically synchronize with other accounts if the password is changed. Common examples include:

The nature and variety of technical resources used at CUIMC is such that different IT groups can manage different systems, which are not able to synchronize account usernames and passwords

Account and Password Management Tools