Topics Map > UW-Madison > CIO > Identity and Access Management
Topics Map > UW-Madison > Cybersecurity > Access Control
Topics Map > UW-Madison > Cybersecurity > Configuration and Maintenance

UW-Madison - CIO - Password Standard

Applies to anyone who connects devices or systems to a UW-Madision network by any means.

Specifies the minimum length, complexity and other required and recommended practices for passwords used on devices and systems connected to the UW-Madision network.

The Password Standard is the implementation of the Password Policy

  • Of interest to:
    • Alumni
    • Applicants
    • Faculty
    • IT Security Staff
    • IT Staff
    • Staff
    • Students
  • Subjects:
    • Cloud Services
    • Cybersecurity
    • Identity Management
    • Mobile Devices
    • Network and Telecomm
    • Personally-owned Dev.
  • Cybersecurity:
    • Access Control
    • Config and Maintenance
  • Data Handling Activities:   
    • Access


The following standards have been developed in concert with the university community and established by the Office of Cybersecurity.


  • Passwords chosen must:

    • be a minimum of eight (8) characters in length;

    • be memorized; if a password is written down it must be secure;

    • contain at least one (1) character from three (3) of the following categories:

      • Uppercase letter (A-Z)
      • Lowercase letter (a-z)
      • Digit (0-9)
      • Special character (~`!@#$%^&*()+=_-{}[]\|:;”’?/<>,.);
    • be private;

  • Passwords chosen must not:

    • contain a common proper name, login ID, email address, initials, first, middle or last name.


  • It is strongly recommended that:

    • passwords are changed twice per year (e.g., when clocks are adjusted in the spring and fall);

    • each password chosen is new and different.


Please address questions or comments to


Keywords:   Doc ID:58605
Owner:GARY D.Group:IT Policy
Created:2015-12-01 10:00 CDTUpdated:2018-07-27 15:27 CDT
Sites:IT Policy
Feedback:  1557   24