Screen Locking | Computing for Arts + Sciences
  1. Home
  2. Services
  3. Computers
  4. FAQs & Documentation
  5. Screen Locking

Screen Locking

Locking a computer screen when inactive might seem like an inconvenience, but it really is a security consideration. CAS locks the screen after 15 minutes to ensure compliance with FERPA standards and ensure the security of UNT data in the event the computer is left unlocked and unattended.

Policies

There are several policies and suggestions that come into play when deciding the lockscreen timout:

  • UNTS Information Security Handbook states:
    • 11.3.6: "Unattended computers and terminals should be logged off or protected with a screen and keyboard locking mechanism controlled by a password, token, or similar authentication mechanism."
  • UNT Policy 04.003 for Computer Use states:
    • II: "Misuse of Computing Resources. The following actions constitute misuse of the University's computer resources and are strictly prohibited for all Users:"
      • II.E: "Failure to protect a password or account from unauthorized use."
      • II.F: "Permitting someone to use another's computer account, or using someone else's computer account."
      • II.G: "Unauthorized use, access, reading, or misuse of any electronic file, program, network, or the system."
    • III: "Responsibilities of Users:"
      • III.B: "A user is responsible for any usage of his or her computer account, computing resources, or data entrusted to him or her. Users should maintain the secrecy of their password(s)."
  • UNT Policy 05.022 for Flexible Work Arrangments states:
    • III: "Requirements:"
      • III.J: "A password protected screen saver must be used at all times on the remote computer."
  • NCES, regarding FERPA, suggests:
    • Page 46, Technical Practices: "Set reasonable timeout intervals on computers (5 to 15 minutes), so that after the specified interval of inactivity, the machine will log off the network and its screen will lock, requiring a password to re-access."
  • Microsoft Best Practices suggests:
    • "Set the time for elapsed user-input inactivity based on the device's usage and location requirements. For example, if the device or device is in a public area, you might want to have the device automatically lock after a short period of inactivity to prevent unauthorized access. However, if the device is used by an individual or group of trusted individuals, such as in a restricted manufacturing area, automatically locking the device might hinder productivity."

Additional national and international policies and suggestions are bountiful. The above listed are the most relevant to CAS.

Exceptions

The 15 minute timeout can be extended under specific conditions:

  • Requestor has valid reason registered with the Office of Disability Access.
  • The timeout is drastically affecting research and/or learning. Annoyances due to the timeout are not considered to affect research and/or learning. Publically accessible computers will not be considered; the computer must be in a secure location for consideration.