Campus electronic communications systems or services must identify users and authorize access by means of passwords or other secure authentication processes (e.g. biometrics or Smart Cards).
When passwords are used, they must meet the Minimum Password Complexity Standards [below]. In addition, shared-access systems must enforce these standards whenever possible and appropriate and require that users change any pre-assigned passwords immediately upon initial access to the account.
All passwords must meet the following complexity guidelines:
The password MUST:
- Contain seven (7) characters or more
- Contain characters from three of the following four character classes:
  - Lower case letters (e.g., a-z)
  - Upper case letters (e.g., A-Z)
  - Numeric (i.e. 0-9)
  - Punctuation and other characters (e.g., !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
The password MUST NOT be:
- A derivative of the username
- A word found in a dictionary (English or foreign)
- A dictionary word spelled backwards
- A dictionary word (forward or backwards) preceded and/or followed by any other single character (e.g., secret1, 1secret, secret?, secret!)
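The MUST and MUST NOT rules above can be enforced at password-change time. The following is an added example, not part of the original standard or any University tooling. It assumes case-insensitive matching, treats "derivative of the username" as containing the username or its reverse, and uses a small constructed word list (`SAMPLE_WORDS`) in place of a full dictionary.

```python
import string

# Constructed stand-in word list (assumption); a real deployment would load
# full English and foreign-language dictionaries.
SAMPLE_WORDS = {"secret", "password", "dragon", "welcome", "campus"}
ALNUM = string.ascii_letters + string.digits

def char_classes(pw):
    """Count how many of the four character classes appear in pw."""
    return sum([
        any(c in string.ascii_lowercase for c in pw),
        any(c in string.ascii_uppercase for c in pw),
        any(c in string.digits for c in pw),
        any(c not in ALNUM for c in pw),  # punctuation and other characters
    ])

def is_dictionary_based(pw, words):
    """True if pw is a word, a reversed word, or either of those with one
    extra character before and/or after it (case-insensitive, assumed)."""
    p = pw.lower()
    candidates = {p, p[1:], p[:-1], p[1:-1]}
    return any(c and (c in words or c[::-1] in words) for c in candidates)

def is_username_derivative(pw, username):
    """Assumed interpretation: pw contains the username or its reverse."""
    p, u = pw.lower(), username.lower()
    return bool(u) and (u in p or u[::-1] in p)

def check_password(pw, username, words=SAMPLE_WORDS):
    """Return the list of violated rules; an empty list means compliant."""
    problems = []
    if len(pw) < 7:
        problems.append("length")
    if char_classes(pw) < 3:
        problems.append("classes")
    if is_username_derivative(pw, username):
        problems.append("username")
    if is_dictionary_based(pw, words):
        problems.append("dictionary")
    return problems
```

A check like this has to run when the password is set or changed, because stored password hashes cannot be tested against these rules afterwards.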
Why do I need a strong password?
Passwords are used for various purposes at the University. Some of the more common uses include: local accounts, web accounts, and email accounts. A weak (or absent) password is one of the most common ways for an attacker to compromise your account; therefore, you should be aware of how to select strong passwords.
Aside from the password requirements in the Minimum Standards document, what are some other guidelines I should follow?
How can I change my password?