Account Passwords

For systems connected to the campus network, the following password standards are to be followed:

• All passwords must have a composition of at least eight (8) characters and should contain a combination of letters, numbers and special characters 

• Passwords on all general user accounts (accounts where the user does not have elevated Administrator rights) such as system/network access, Email, web access, etc. are to be changed yearly. Administrator-level passwords should be changed every six (6) months. 

• With the exception of Public Key Infrastructure (PKI) or Single Sign-On technology, Administrative-level passwords should be unique for each system. 

• Where applicable, passwords on systems and applications should be set to auto expire. Grace logins can be applied to assist users in creating a new password, but the grace login period should not exceed five (5) attempts.

Password renew periods will be left to the discretion of the departments and system Administrators that have responsibility for account management under their control.