Topics Map > UW-Madison > CIO > Identity and Access Management
Topics Map > UW-Madison > Cybersecurity > Access Control
Topics Map > UW-Madison > Cybersecurity > Configuration and Maintenance
UW-Madison - CIO - Password Standard
Applies to anyone who connects devices or systems to a UW-Madision network by any means.
Specifies the minimum length, complexity and other required and recommended practices for passwords used on devices and systems connected to the UW-Madision network.
The Password Standard is the implementation of the Password Policy
- Of interest to:
- Alumni
- Applicants
- Faculty
- IT Security Staff
- IT Staff
- Staff
- Students
- Subjects:
- Cloud Services
- Cybersecurity
- Identity Management
- Mobile Devices
- Network and Telecomm
- Personally-owned Dev.
- Cybersecurity:
- Access Control
- Config and Maintenance
- Data Handling Activities:
- Access
Background
The following standards have been developed in concert with the university community and established by the Office of Cybersecurity.
Requirements
Passwords chosen must:
be a minimum of eight (8) characters in length;
be memorized; if a password is written down it must be secure;
contain at least one (1) character from three (3) of the following categories:
- Uppercase letter (A-Z)
- Lowercase letter (a-z)
- Digit (0-9)
- Special character (~`!@#$%^&*()+=_-{}[]\|:;”’?/<>,.);
be private;
Passwords chosen must not:
contain a common proper name, login ID, email address, initials, first, middle or last name.
Recommendations
It is strongly recommended that:
passwords are changed twice per year (e.g., when clocks are adjusted in the spring and fall);
each password chosen is new and different.
Contact
Please address questions or comments to policy@cio.wisc.edu.
References
- Password Policy - http://kb.wisc.edu/itpolicy/cio-password-policy
- IT Policy Glossary - https://kb.wisc.edu/itpolicy/glossary