Password complexity policies are designed to deter brute force attacks by increasing the number of possible passwords. New passwords must meet the following guidelines:
- The password does not contain all or part of the account name, first name or last name of the user. Part of an account name is defined as three or more consecutive alphanumeric characters delimited on both ends by white space such as space, tab, and return, or any of the following characters: comma (,), period (.), hyphen (-), underscore (_), or number sign (#).
- The password is at least 10 characters long.
- The password contains characters from three of the following four categories:
-
At least one numeric character
-
0 through 9
-
-
At least one lower-case character
-
a through z
-
-
At least one upper-case character
-
A through Z
-
-
At least one special character
-
~`! @#$%^&*()_-+={[}]|\:;"'<,>.?/
-
-
-
Approved by the Information Technology Committee, October 13, 2016