What are the password complexity requirements?

  • Passwords shall be at a minimum 8 characters in length and no longer than 16 characters.
  • Passwords shall be comprised of at least one of each of the following:
    • Upper case letters
    • Lower case letters
    • Numbers
  • Passwords shall not contain the username alias (the portion of the user’s email address before @yourdomain.com).  
  • Username, first name, last name, spaces cannot be used within the password
  • Passwords shall not begin or end with ! (an exclamation point)
  • Allowed special characters are: @ # $ % ^ & * - _ + = [ ] { } | \ : ’ . ? / ` ~ ” < > ( ) ; !
  • Passwords shall not be shared. No one will ever ask you for your password.
  • Passwords shall be changed at a minimum every 90 days for all in-scope users
  • Passwords shall not be reused until twenty-four additional passwords have been created
  • If a user suspects any password has been compromised or is known by another individual the user shall immediately change their password and notify their local administration