Establish a best practice for using strong passwords, as complex as the host system allows. Characteristics:
|1. Minimum Length
||8 characters. On systems with a maximum password length of less than 8 characters, use the maximum length that the system supports. |
||90 days or less.|
|3. Password History
||8 password changes are required before reusing a previous password. (To prevent recycling passwords.)|
|4. Minimum Password Age
||1 day. You may only change your password once each day. (To prevent recycling passwords.)|
||After 5 unsuccessful log-on attempts. The password may be unlocked automatically by the system after 30 minutes, or by request to an authorized person who must verify the identity of the requestor.|
- Must contain characters from three of these categories, and be enforced when a password is created or changed:
  - Upper Case Letters: A through Z
  - Lower Case Letters: a through z
  - Numerals: 0 through 9
  - All non-alphanumeric characters, such as: ! @ # % $
- No more than two identical characters in a row
- The password cannot contain the user's first name, middle name, last name, or username.
|6. Inactivity Timeout
||60 minutes. Interactive terminal sessions must be timed out by the application or host service.|
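The minimum length and composition rules above can be checked when a password is created or changed with a function like the following. This is an added example, not code from the University of Kentucky; the function name, the case-insensitive name match, and skipping names shorter than 3 characters are assumptions.

```python
import re

MIN_LENGTH = 8           # "Minimum Length" on this page
REQUIRED_CATEGORIES = 3  # "characters from three of these categories"
MAX_RUN = 2              # "no more than two identical characters in a row"
MIN_NAME_LEN = 3         # assumption: ignore initials and very short names


def policy_violations(password, first="", middle="", last="", username=""):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []

    if len(password) < MIN_LENGTH:
        problems.append("length")

    # Count how many of the four character categories are present.
    categories = [
        any("A" <= c <= "Z" for c in password),
        any("a" <= c <= "z" for c in password),
        any("0" <= c <= "9" for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(categories) < REQUIRED_CATEGORIES:
        problems.append("categories")

    # A character followed by MAX_RUN or more copies of itself is a run
    # of at least MAX_RUN + 1 identical characters.
    if re.search(r"(.)\1{%d,}" % MAX_RUN, password, re.DOTALL):
        problems.append("repeat")

    # Assumption: names are matched as case-insensitive substrings.
    lowered = password.lower()
    for name in (first, middle, last, username):
        if len(name) >= MIN_NAME_LEN and name.lower() in lowered:
            problems.append("name")
            break

    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("Tr1cky-Pass", "abc", "Passsword1", "Jones2024!x"):
        print(candidate, policy_violations(candidate, "Pat", "", "Jones", "pjones"))
```

Password history, minimum age, and lockout depend on stored account state, so they are enforced by the host system rather than by a check on the password string.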
For additional suggestions, visit the Creating Secure Passwords information page.
For the UK Medical Center systems, please review the Medical Center Password Requirements.
For More Assistance
Please contact IT Support if you have any questions or problems while following these instructions. Our contact information and availability are available on the Main Wiki Page.
Published By
University of Kentucky Information Technology Support
© 2008 University of Kentucky. This document is maintained by the University of Kentucky Information Technology department for the students, faculty and staff of the University. All rights reserved. Duplication of this document is permitted to the aforementioned audience.
An Equal Opportunity University