STRONG PASSWORD GUIDELINES
Passwords are a means of controlling access to Information Resources. Unauthorized access can
compromise information confidentiality, integrity and availability resulting in loss of revenue, liability, loss
of trust or embarrassment to U. T. System Administration.
U. T. System Administration’s security policy
calls for the use of strong passwords to ensure password confidentiality and protect the data at System
Administration.
Password requirements:
All passwords, including initial passwords, must be constructed, implemented, and maintained according to
the System Administration password policy. Passwords must:
-
Be changed at least annually
-
Be changed immediately if the security of the password is in doubt
-
Be treated as confidential information
-
Have a minimum length of 8 characters
-
Be comprised of a combination of alpha, numeric or special characters
-
Be encrypted when stored or transmitted
-
Must not contain words commonly found in the English dictionary
Definitions
Strong Password: A strong password is constructed so that another user or a “hacker” program cannot
easily guess it. It is typically a minimum number of positions in length and contains a combination of
alphabetic, numeric, or special characters. Combine short, unrelated words with numbers, special
characters, or mixed case. For example: eAt42peN
Constructing a Strong Password
System Administration has adopted Microsoft’s strong password implementation. To construct a strong
password you must use 3 of the following character sets and have a minimum of 8 characters:
Upper case letters (A – Z)
Lower case letters (a – z)
Numbers (0-9)
Special Characters (#$%&* etc)
Examples:
2BorNot2B
*TT4now!
Gre@td@y
Strong Password Guidelines
Passwords should not be easily related to such personal information as:
• your username or logon ID your employee number
• your given name
• names of family, friends, pets, co-workers, fantasy characters, etc.
• your nickname
• your social security or driver’s license number
• your birthday
