University Management considers contravention of the institution’s password policy in a serious light as this creates certain risks for the University. Given this policy, UP Staff are reminded that:

• You may not disclose your UP system password(s) to third parties.
• You may not access UP systems using a username and password that belongs to someone else (irrespective of how you became aware of this other user’s password)
• Should it be detected that a person has gained access to any system (hardware or software) by using the credentials of another person, with or without that person’s permission, it may lead to disciplinary investigation and action against:
  • the person who gained the access, and
  • in the event that a user had disclosed their password to another, the user who had disclosed the password(s).

Consequently staff who are requested to log into a system on behalf of another person, e.g. by your manager or work colleague, are advised to refuse on the grounds of UP’s password policy.

Background

You may, for your own convenience, be tempted to provide your passwords to a colleague, personal assistant or an IT technician. You should, however, take note that if a person knows your UP Portal password, that person will be able to access an increasing number of applications, including the PeopleSoft institutional systems on which your personal information is available and where access rights granted to you, based upon your position or role within the University, may get compromised.

It is for these reasons that the UP Password Policy (available on the Intranet at http://www1.up.ac.za/cs/groups/public/@public/documents/document/mdaw/mda0/~edisp/004268.pdf) stipulates that the disclosure of passwords to third parties is not allowed. The reasons for this are:

• For your own protection: You probably want to protect your personal and sensitive information, such as your salary slip, tax certificate, bank details and performance evaluation against unauthorised access.
• For UP’s protection: Your role in the University determines to which information and transactions you may have access.  Should you provide your password to someone else, you are, in effect, giving this person access to information or transactions that should possibly not be accessible by that person. It may further present opportunities for breaching rules regarding the separation of duties, for example, allowing someone to both submit and authorise financial transactions. Thus disclosure of passwords may create the possibility for information theft and fraud. Even if the person is trustworthy, you will place the person under suspicion should any irregularities occur, irrespective of whether the person was involved or not.

Please feel free to send an e-mail to [email protected] should you have any questions or wish to discuss a specific situation.