UW-Madison - IT - Password Standard

Applies to anyone who connects devices or systems to a UW-Madision network by any means.

Specifies the minimum length, complexity and other required and recommended practices for passwords used on devices and systems connected to the UW-Madision network.

The Password Standard is the implementation of the Password Policy

Of interest to:

Alumni

Applicants

Faculty

IT Security Staff

IT Staff

Staff

Students

Subjects:

Cloud Services

Cybersecurity

Identity Management

Mobile Devices

Network and Telecomm

Personally-owned Dev.

Cybersecurity:

Access Control

Config and Maintenance

Data Handling Activities:

Access

Background

The following standards have been developed in concert with the university community and established by the Office of Cybersecurity.

Requirements

Passwords chosen must:

be a minimum of eight (8) characters in length;
be memorized; if a password is written down it must be secure;
contain at least one (1) character from three (3) of the following categories:

Uppercase letter (A-Z)
Lowercase letter (a-z)
Digit (0-9)
Special character (~`!@#$%^&*()+=_-{}[]\|:;”’?/<>,.);

be private;

Passwords chosen must not:

contain a common proper name, login ID, email address, initials, first, middle or last name.

Recommendations

It is strongly recommended that:

passwords are changed twice per year (e.g., when clocks are adjusted in the spring and fall);
each password chosen is new and different.

Contact

Please address questions or comments to policy@cio.wisc.edu.

References

Password Policy - http://kb.wisc.edu/itpolicy/cio-password-policy
IT Policy Glossary - https://kb.wisc.edu/itpolicy/glossary

Keywords:	cio	Doc ID:	58605
Owner:	GARY D.	Group:	IT Policy
Created:	2015-12-01 09:00 CST	Updated:	2018-11-14 18:33 CST
Sites:	IT Policy
CleanURL:	https://kb.wisc.edu/itpolicy/cio-password-standard
Feedback:	1859 29 Comment Suggest a new document