ITS has created a password management system that allows a password to be used for intervals of up to 180 days if it meets complexity standards. Using a series of best practices, the password manager will guide you through creating a more secure password that can be valid for longer periods of time.

When changing your password, you will notice a strength meter that reveals the strength class of your password as you type it. The strength class determines how long your password can be used.

Moderate password = 90 days

Strong password = 120 days

Very strong password = 180 days

Use this chart to determine what constitutes a complex password.  

** Character classes are defined as (a) Uppercase Letters (b) Lowercase Letters (c) Numbers (d) Approved Symbols

...

Password Requirements and Restrictions:

  1. Your password must be at least 8 characters in length for standard users or 12 characters in length for users who have access to confidential data. Why? Length is the simplest way to increase security.

  2. You will not be able to use any part of your name or username. Why? This information is often stored in public directories alongside your username.

  3. You will not be able to reuse a previous password or a password that is too similar to the old password. Why? In the event of a compromise, the password will often be sold or added to hacker databases. Using the same password puts you at risk.

  4. You will not be able to use only one dictionary word as your password. Why? Password-cracking tools easily recognize dictionary word sequences.

  5. You will not be able to use number substitutions for letters (e.g. f00tba11 will be seen as football). Why? Unfortunately, password-cracking tools are on to these practices.

  6. Approved symbols are:  ! + - _ * ? % . { } ~

  7. You must use a combination of uppercase letters, lowercase letters, numbers, and symbols. Standard users must have at least 2 of those character classes; users with access to confidential data must have at least 3 of the 4 character classes.
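
The restrictions above can be checked mechanically. The following is an added example, not ITS's own code, covering rules 1, 2 and 4 through 7 (rule 3 needs the password history, which is not modelled here). The substitution map, the word list, the 3-character minimum for name parts, and the rejection of symbols outside the approved set are assumptions.

```python
import re

APPROVED_SYMBOLS = set("!+-_*?%.{}~")  # rule 6, as listed on the page
# Assumed substitution map; the page only gives f00tba11 -> football.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})
SAMPLE_WORDS = {"football", "password", "welcome", "dragon"}  # constructed stand-in


def char_classes(pw):
    """Count how many of the four character classes from the page are present."""
    return sum([
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in APPROVED_SYMBOLS for c in pw),
    ])


def check_password(pw, username, full_name, confidential=False, words=SAMPLE_WORDS):
    """Return the list of violated rules (an empty list means all checks passed)."""
    problems = []
    min_len, min_classes = (12, 3) if confidential else (8, 2)
    if len(pw) < min_len:
        problems.append("rule 1: shorter than %d characters" % min_len)
    # Rule 2: assumed to mean any name or username token of 3+ characters.
    tokens = [t for t in re.split(r"\W+", (username + " " + full_name).lower())
              if len(t) >= 3]
    if any(t in pw.lower() for t in tokens):
        problems.append("rule 2: contains part of name or username")
    # Rules 4 and 5: undo digit-for-letter swaps, drop everything that is not
    # a letter, and compare what is left with the word list.
    core = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    if core in words:
        problems.append("rules 4/5: a single dictionary word after normalization")
    # Rule 6: anything that is not an ASCII letter, digit or approved symbol
    # is rejected (assumed reading of "approved symbols").
    if any(not (c.isascii() and c.isalnum()) and c not in APPROVED_SYMBOLS for c in pw):
        problems.append("rule 6: character outside the approved set")
    if char_classes(pw) < min_classes:
        problems.append("rule 7: fewer than %d character classes" % min_classes)
    return problems
```

Calling `check_password("f00tba11", "jdoe", "Jane Doe")` reports only the dictionary-word violation: the password passes the length and character-class checks for a standard user, which is why the normalization step is needed.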

...