Topics Map > UW-Madison > Cybersecurity > Identity and Access Management
UW-Madison - IT - Password Standard
Applies to anyone who connects devices or systems to a UW-Madision network by any means.
Specifies the minimum length, complexity and other required and recommended practices for passwords used on devices and systems connected to the UW-Madision network.
The Password Standard is the implementation of the Password Policy
Background
The following standards have been developed in concert with the university community and established by the Office of Cybersecurity.
Requirements
Passwords chosen must:
be a minimum of eight (8) characters in length;
be memorized; if a password is written down it must be secure;
contain at least one (1) character from three (3) of the following categories:
- Uppercase letter (A-Z)
- Lowercase letter (a-z)
- Digit (0-9)
- Special character (~`!@#$%^&*()+=_-{}[]\|:;”’?/<>,.);
be private;
Passwords chosen must not:
contain a common proper name, login ID, email address, initials, first, middle or last name.
Recommendations
It is strongly recommended that:
passwords are changed twice per year (e.g., when clocks are adjusted in the spring and fall);
each password chosen is new and different.
Contact
Please address questions or comments to policy@cio.wisc.edu.
References
- Password Policy - http://kb.wisc.edu/itpolicy/cio-password-policy
- IT Policy Glossary - https://kb.wisc.edu/itpolicy/glossary