UW-Madison - Password Best Practices

The Password Best Practices recommend measures users can take to effectively protect accounts using passwords.


  1. Each account should have its own unique password. Having unique passwords for each account prevents an attacker who gains access to one account from accessing other accounts that use the same password.
  2. Per NIST (National Institute of Standards and Technology) recommendations, create a simple but long passphrase. A passphrase is a string of typical English words linked together, similar to a sentence. One way of creating a strong passphrase is to use common words in uncommon combinations, such as "speedy hot broccoli anteater". See “LastPass - How to create a strong and memorable password” for more guidance.
  3. Shared accounts should only be used when it is necessary to share information resources and there is no practical way to provide each person or system with a unique account to access those resources.
  4. UW-Madison-owned devices, such as kiosks, that are located in public places, such as libraries, should have very short time limits, as defined by policies.


Please address questions or comments to itpolicy@cio.wisc.edu.


Keywords: password   Doc ID: 126807
Owner: Heather J.   Group: IT Policy
Created: 2023-03-22 12:18:00   Updated: 2024-05-15 12:14:16
Sites: IT Policy