UW-Madison - IT - Password Standard

Applies to anyone who connects devices or systems to a UW-Madision network by any means.

Specifies the minimum length, complexity and other required and recommended practices for passwords used on devices and systems connected to the UW-Madision network.

The Password Standard is the implementation of the Password Policy

Background

The following standards have been developed in concert with the university community and established by the Office of Cybersecurity.

Requirements

Passwords chosen must:

be a minimum of eight (8) characters in length;
be memorized; if a password is written down it must be secure;
contain at least one (1) character from three (3) of the following categories:

Uppercase letter (A-Z)
Lowercase letter (a-z)
Digit (0-9)
Special character (~`!@#$%^&*()+=_-{}[]\|:;”’?/<>,.);

be private;

Passwords chosen must not:

contain a common proper name, login ID, email address, initials, first, middle or last name.

Recommendations

It is strongly recommended that:

passwords are changed twice per year (e.g., when clocks are adjusted in the spring and fall);
each password chosen is new and different.

Contact

Please address questions or comments to itpolicy@cio.wisc.edu.

References

Password Policy - https://policy.wisc.edu/library/UW-514
IT Policy Glossary - https://kb.wisc.edu/itpolicy/glossary

Keywords:		Doc ID:	58605
Owner:	Tim B.	Group:	IT Policy
Created:	2015-12-01 09:00 CST	Updated:	2022-08-31 15:05 CST
Sites:	IT Policy
CleanURL:	https://kb.wisc.edu/it-password-standard
Feedback:	38 13 Comment Suggest a new document