UW-Madison - IT - Password Policy
Applies to anyone who connects devices or systems to a UW-Madision network by any means.
Describes the required practices for passwords used on devices and systems connected to the UW-Madision network.
The Password Standard is the implementation of this policy.
- Of interest to:
- IT Security Staff
- IT Staff
- Cloud Services
- Identity Management
- Mobile Devices
- Network and Telecomm
- Personally-owned Dev.
- Access Control
- Config and Maintenance
- Data Handling Activities:
Devices and systems connected to the University of Wisconsin-Madison network must require passwords meeting the minimum standards set by the Office of the Chief Information Officer and, if possible, technically enforce them. Faculty, staff and students must adhere to the minimum passwords standards for all systems and applications that come into contact with University resources.
Systems That Cannot Comply with Minimum Standards
If the minimum standards cannot be met, the system must be protected by other means, such as, but not limited to, a dedicated firewall, limited network access or multi-factor authentication.
The University of Wisconsin-Madison ’s network and information systems provide the technical foundation for conduct of its academic, research and administrative missions. Providing this open access to information technology is imperative to ensuring academic freedom at the institution. An important part of providing this network access is ensuring that the network and associated information is secure.
The purpose of this policy is to provide guidance to faculty, staff, students and other authorized users regarding passwords in order to protect individual and University information and resources. Adherence to this policy will help ensure that the university network and information systems are secure and available to all.
Issued by the UW-Madison Vice Provost for Information Technology.
The University reserves the right to:
- suspend access to preserve the confidentiality, integrity and availability of the network, systems or information;
- periodically audit passwords for compliance; and
- pursue disciplinary action because of non-compliance.
Please address questions or comments to email@example.com.