Biology Information Technology Services

Password policies

Campus electronic communications systems or services must identify users and authorize access by means of passwords or other secure authentication processes (e.g. biometrics or Smart Cards).

When passwords are used, they must meet the Minimum Password Complexity Standards [below]. In addition, shared-access systems must enforce these standards whenever possible and appropriate and require that users change any pre-assigned passwords immediately upon initial access to the account.

Minimum Password Complexity Standards

All passwords must meet the following complexity guidelines:

The password MUST:

Contain seven (7) characters or more

Contain characters from three of the following four character classes:

Lower case letters (e.g., a-z)

Upper case letters (e.g., A-Z)

Numeric (i.e. 0-9)

Punctuation and other characters (e.g., !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)

The password MUST NOT be:

A derivative of the username

A word found in a dictionary (English or foreign)

A dictionary-word spelled backwards

A dictionary-word (forward or backwards) preceded and/or followed by any other single character (e.g., secret1, 1secret, secret?, secret!)

Why do I need a strong password?

Passwords are used for various purposes at the University. Some of the more common uses include: local accounts, web accounts, and email accounts. A weak (or absent) password is one of the most common ways for an attacker to compromise your account; therefore, you should be aware of how to select strong passwords.

Aside from the password requirements in the Minimum Standards document, what are some other guidelines I should follow?

Do not use an easily guessed password. Some examples of passwords that would be easy to guess:
- Names of family, pets, friends, co-workers, etc.
- Computer terms and names, commands, sites, companies, hardware, software.
- Birthdays and other personal information such as addresses and phone numbers.
- Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.
Passwords should never be written down or stored on-line.
In general, a password should be as long as possible while still being easy-to-remember. One way to do this is create a password based on an easy-to-remember phrase. For example, the phrase might be: "This May Be One Way To Remember" and the password could be: "TmB1w2R!" or "Tmb1W>r~" or some other variation. NOTE: Do not use either of these examples as passwords!
You should change your passwords on a regular basis, at least every six months. You should also change your password any time you suspect that your account has been compromised or tampered with.
Try to use a different password for every system. At a minimum, do NOT use the same password for any of your University accounts that you use for a non-University service or third-party web site.

How can I change my password?

Go to the Change Password Page

This page is for the use of Faculty, Staff, and Students of the Department of Biology, Texas A&M University. It was created by Biology Computing Services and any questions, complaints or suggestions should be directed to them.

last updated: 31 May 2011