Password Policy
All,
Cybersecurity threats are a growing problem. To protect ourselves we use multiple layers of security. Some security examples include our firewall, endpoint protection, and 2-factor authentication.
An area of weakness is our password policy. With advances in computing power, our passwords are too short and easily cracked. Also, our passwords never change, creating opportunity for hackers to attack us.
Our new password policy is:
1. Minimum password length is now 14 characters. Avoiding dictionary words in passwords is recommended.
2. Passwords cannot have more than two consecutive characters of your username (case insensitive). For example, if your username is lrt9988, your password cannot contain Rt9 or 998.
3. The password cannot have your name in it. For example, lrt9988's name is Larry Ring. Neither Larry, larry, Ring, nor ring is acceptable as part of the password.
4. Maximum password age is 120 days. This means you must change your password at least every 120 days.
5. Minimum password age is 3 days. After your password is changed it cannot be changed again for 3 days.
6. Five passwords are stored in password history, which means you cannot reuse any of your last five passwords.
7. Complex passwords are now required. This means that passwords must have three of the following four character types: number 0-9, lower case letter a-z, upper case letter A-Z, or special character (~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/). Using all 4 is recommended.
Password expiration notifications will be sent eight days prior to the password expiring. Once a password has expired, the account is locked and IT help is required to reset it.
Examples for lrt9988 (Larry Ring) that will fail:
lrt7aD189gba!* (lrt is part of username)
hello5itstimei (only two character types, consider changing one to upper case)
Jolly0t!me (not long enough, needs to be 14 characters)
Examples of good passwords:
!T1me4Fun=2021
$J0y2the?Wor!d
s0meL1keitH0t!
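
The rules that can be judged from the password text alone (1, 2, 3 and 7) can be checked with a short script. This is an added example, not part of the original notice or of any tool IT uses; the function names are hypothetical, and rules 4 to 6 (password age and history) are left out because they depend on stored account data.

```python
import string

MIN_LENGTH = 14
# Special characters exactly as listed in rule 7 of the policy.
SPECIALS = set("~!@#$%^&*_-+=`|\\(){}[]:;\"'<>,.?/")


def username_fragments(username, size=3):
    """All runs of `size` consecutive username characters, lower-cased."""
    u = username.lower()
    return {u[i:i + size] for i in range(len(u) - size + 1)}


def check_password(password, username, full_name):
    """Return the list of policy rules the candidate password violates."""
    problems = []
    lowered = password.lower()

    # Rule 1: minimum length.
    if len(password) < MIN_LENGTH:
        problems.append("length")

    # Rule 2: no more than two consecutive username characters,
    # i.e. no 3-character run of the username, case-insensitive.
    if any(frag in lowered for frag in username_fragments(username)):
        problems.append("username")

    # Rule 3: no part of the user's name, case-insensitive.
    if any(part.lower() in lowered for part in full_name.split()):
        problems.append("name")

    # Rule 7: at least three of the four character types.
    classes = [
        any(c in string.digits for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.ascii_uppercase for c in password),
        any(c in SPECIALS for c in password),
    ]
    if sum(classes) < 3:
        problems.append("complexity")

    return problems


if __name__ == "__main__":
    # The notice's own examples for lrt9988 (Larry Ring).
    for pw in ["lrt7aD189gba!*", "hello5itstimei", "Jolly0t!me", "!T1me4Fun=2021"]:
        print(pw, check_password(pw, "lrt9988", "Larry Ring") or "ok")
```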