UW-Madison - IT - Password Standard

Applies to anyone who connects devices or systems to a UW-Madision network by any means.

Specifies the minimum length, complexity and other required and recommended practices for passwords used on devices and systems connected to the UW-Madision network.

The Password Standard is the implementation of the Password Policy

  • Of interest to:
    • Alumni
    • Applicants
    • Faculty
    • IT Security Staff
    • IT Staff
    • Staff
    • Students
  • Subjects:
    • Cloud Services
    • Cybersecurity
    • Identity Management
    • Mobile Devices
    • Network and Telecomm
    • Personally-owned Dev.
  • Cybersecurity:
    • Access Control
    • Config and Maintenance
  • Data Handling Activities:   
    • Access


The following standards have been developed in concert with the university community and established by the Office of Cybersecurity.


  • Passwords chosen must:

    • be a minimum of eight (8) characters in length;

    • be memorized; if a password is written down it must be secure;

    • contain at least one (1) character from three (3) of the following categories:

      • Uppercase letter (A-Z)
      • Lowercase letter (a-z)
      • Digit (0-9)
      • Special character (~`!@#$%^&*()+=_-{}[]\|:;”’?/<>,.);
    • be private;

  • Passwords chosen must not:

    • contain a common proper name, login ID, email address, initials, first, middle or last name.


  • It is strongly recommended that:

    • passwords are changed twice per year (e.g., when clocks are adjusted in the spring and fall);

    • each password chosen is new and different.


Please address questions or comments to policy@cio.wisc.edu.


Keywords: cioDoc ID:58605
Owner:GARY D.Group:IT Policy
Created:2015-12-01 09:00 CSTUpdated:2018-11-14 18:33 CST
Sites:IT Policy
Feedback:  2199   43