Topics Map > UW-Madison > Cybersecurity > Identity and Access Management

UW-Madison - IT - Password Standard

Applies to anyone who connects devices or systems to a UW-Madision network by any means.

Specifies the minimum length, complexity and other required and recommended practices for passwords used on devices and systems connected to the UW-Madision network.

The Password Standard is the implementation of the Password Policy



Background

The following standards have been developed in concert with the university community and established by the Office of Cybersecurity.

Requirements

  • Passwords chosen must:

    • be a minimum of eight (8) characters in length;

    • be memorized; if a password is written down it must be secure;

    • contain at least one (1) character from three (3) of the following categories:

      • Uppercase letter (A-Z)
      • Lowercase letter (a-z)
      • Digit (0-9)
      • Special character (~`!@#$%^&*()+=_-{}[]\|:;”’?/<>,.);
    • be private;

  • Passwords chosen must not:

    • contain a common proper name, login ID, email address, initials, first, middle or last name.

Recommendations

  • It is strongly recommended that:

    • passwords are changed twice per year (e.g., when clocks are adjusted in the spring and fall);

    • each password chosen is new and different.

Contact

Please address questions or comments to policy@cio.wisc.edu.





Keywords: cioDoc ID:58605
Owner:GARY D.Group:IT Policy
Created:2015-12-01 10:00 CDTUpdated:2019-03-16 13:04 CDT
Sites:IT Policy
CleanURL:https://kb.wisc.edu/itpolicy/cio-password-standard
Feedback:  2341   55