Password Standards

Passwords verify your identity, which protects against account compromises and fraudulent access to data and resources.  They are your only line of defense when not used in combination with other authentication mechanisms, and they are easier to crack if best practices are not followed.  ITS will be strengthening our policies and practices regarding password creation and management.  The first change pertains to password length because a longer password is much stronger.  Effective December 1, all newly created, changed, or reset passwords will be required by the NetID system to be 12 characters or longer.  This change is coupled with a recommendation to create easier to remember and modify passphrases.  To support adoption, the ITS Information Security Office has published additional recommendations and advice on passwords at  We ask that you review and adjust password requirements for any systems you manage.