Password Guidelines and Requirements
Each computer account is assigned to a single individual who is accountable for the activity on that account. Your password is the key to the security of your account. Therefore, it is very important that its secrecy be maintained. Below are password requirements and some guidelines to follow concerning your password.
- Users will be required to change their passwords the first time they log in.
- Passwords must be eight or more characters long. They can contain upper- and lowercase letters, numbers, and some special characters such as # ! _ or -. They cannot contain " / \ [ ] : ; | = , + * ? < or > .
- Passwords are case sensitive.
- A user's password will expire every 180 days from the date it was last changed.
- The system maintains a password history of each user's last 24 passwords used, preventing the user from re-using the last 24 passwords.
- The minimum password age is one day. After a user changes their password, they must wait 24 hours before they can change it again.
- NEVER give your password out to anyone, much less to someone over the phone. Your account is for your use and yours alone. YOU are responsible for all activity that occurs from your account.
- Choose a password that is easy for you to remember, but not obvious to anyone else. Avoid using names which are personally associated with you, such as your name, the name of a family member or loved one, your pet's name, your car or boat’s make, your home town, your job title or any other items associated with your work.
- Don’t write down your password, include it in any computer file, send it in a mail message, or post it next to your computer.
- Passwords that are a phrase or mix of words are more secure than single words. The most secure passwords contain letters and numbers. Some examples are "warandpeace3" or "apple22pie".
- After you select a good, secure password, and it is time to change your password, you can simply add a number or letter to the end.
- Change your password immediately if you suspect that it has been discovered.
- Log off the system or turn off your computer whenever it will be left unattended and/or unsecured for any length of time.