Overview

The protection of confidential company and personal information and other sensitive data is the responsibility of every employee. Your password is a key that controls access to this information. This policy has been established to reinforce the security of our systems and information by requiring a strong but reasonable password for every user.

What this password policy means for you: 

  • You and only you will know your Windows network logon password. 
  • If you forget your password, you must contact Information Technology to request a password reset. 
  • You will not be able to select a short, trivial password. Passwords must meet the complexity requirements of this policy (see below). 
  • The system will automatically reject your attempt to change a password to one that does not meet the complexity requirements. 
  • You will be required to change your password every 180 days (6 months). Windows will prompt you prior to the password expiration deadline. Keep in mind that you can change your password more often than every 180 days, if you choose.
  • You will not be able to reuse a password you used previously.

How to Select Strong and Easily Remembered Passwords

The best passwords are easy to remember and type (so you are not tempted to write them down somewhere) and difficult to crack. Unfortunately, with traditional single-word passwords those two criteria tend to work against each other. The current best-practice password standard is the use of pass-phrases rather than the traditional one-word password. A pass-phrase can be extremely easy to remember and quick and easy to type, yet extremely difficult to crack. For example, consider the following pass-phrases:

  • We won the game! 
  • Stars in the sky* 
  • Time for sushi & beer
  • Sunset at the beach! 

These pass-phrases are easy to conceive, easy to remember and type (since they can be constructed from real words you commonly use and type), and they satisfy the password complexity requirements. Most importantly, although they appear to be simple sentences, they are extremely difficult to compromise with password-cracking software due to the number and diversity of characters. Studies have demonstrated that pass-phrases of 10 characters or more become extremely difficult to crack during a password’s life span. Pass-phrases of 14 characters or more are astronomically difficult to crack. Even the shortest example pass-phrase above is longer than 14 characters.

Password Complexity Requirements and Policy

Your password:

  • Must not contain the user's account name or parts of the user's full name that exceed two consecutive characters.
  • Must be at least 14 characters in length (the use of a pass-phrase is recommended).
  • Must be different from any previous password or pass-phrase.
  • Must contain characters from three of the following four categories:
      1. English uppercase characters (A through Z)
      2. English lowercase characters (a through z)
      3. Base 10 digits (0 through 9)
      4. Non-alphabetic characters (for example, !, $, #, %)
  • May contain spaces between words.


Changing your password is easy. Just follow these steps:

  • You first must be connected to the company network (hardline, wi-fi or VPN).
  • Hit Ctrl+Alt+Delete (all keys at the same time) on your computer. 
  • Choose Change a password on the screen that appears. 
  • Enter your old (current) password where prompted. 
  • Complete the new password field with a pass-phrase matching the complexity requirements above. 
  • Retype the new pass-phrase in the confirm password field.