IT PolicyExternal KB

Background

The following standards have been developed in concert with the university community and established by the Office of Cybersecurity.

Requirements

• Passwords chosen must:

• be a minimum of eight (8) characters in length;

• be memorized; if a password is written down it must be secure;

• contain at least one (1) character from three (3) of the following categories:

• Uppercase letter (A-Z)
• Lowercase letter (a-z)
• Digit (0-9)
• Special character (~`!@#$%^&*()+=_-{}[]\|:;”’?/<>,.);

• be private;

• Passwords chosen must not:

• contain a common proper name, login ID, email address, initials, first, middle or last name.

Recommendations

• It is strongly recommended that:

• passwords are changed twice per year (e.g., when clocks are adjusted in the spring and fall);

• each password chosen is new and different.

Contact

Please address questions or comments to policy@cio.wisc.edu.