Password Guidelines and Requirements
Each computer account is assigned to a single individual who is accountable for the activity on that account. Your passphrase is the key to the security of your account. Therefore, it is very important that its secrecy be maintained. Below are passphrase requirements and some guidelines to follow concerning your password.
Requirements:
- Users will be required to change their passphrases the first time they log in.
- Passphrases must be 16 characters long at minimum.
- Although not required, it is strong encouraged to use upper- and lowercase letters, numbers, and some special characters such as # ! _ or -. They cannot contain " / \ [ ] : ; | = , + * ? < or > .
- Passphrases are case sensitive.
- Passphrases will not expire
- If your account is compromised, you will be required to change your passphrase. This includes unauthorized activity detected on the account or an unrequested Duo push.
- The system maintains a passphrase history of each user's last 24 passwords used, preventing the user from re-using the last 24 passphrases.
- The minimum passphrase is one day. After a user changes their passphrase, they must wait 24 hours before they can change it again.
Guidelines:
- NEVER give your passphrase out to anyone, much less to someone over the phone. Your account is for your use and yours alone. YOU are responsible for all activity that occurs from your account.
- Choose a passphrase that is easy for you to remember, but not obvious to anyone else. Avoid using names which are personally associated with you, such as your name, the name of a family member or loved one, your pet's name, your car or boat’s make, your home town, your job title or any other items associated with your work.
- Don’t write down your passphrase, include it in any computer file, send it in a mail message, or post it next to your computer.
- Passphrases that are a phrase or mix of words are more secure than single words. The most secure passphrase contain letters and numbers. Some examples are "warandpeace3" or "apple22pie".
- After you select a good, secure passphrase, and it is time to change your passphrase.
- Change your passphrase immediately if you suspect that it has been discovered.
- Log off the system or turn off your computer whenever it will be left unattended and/or unsecured for any length of time.