Password Requirements FAQ
Once the password reset and MFA implementation is initiated by our IT department, you will be prompted to change your password and enroll in MFA at the next login. There is no need to change your password before being prompted to do so. This means that the user must change their current password to meet the new password complexity requirements and enroll in MFA before they can access the system or applications. Here's what happens when a password reset is required at the next login:
- User Prompt: When the user attempts to log in with their current password, they will receive a notification or prompt indicating that their password has expired or that a reset is required. This message will instruct them to change their password.
- Password Reset Process: The user is directed to a password reset process, which usually involves providing the old password (to verify their identity), creating a new password, and confirming the new password.
- Password Complexity Requirements: Users may be required to adhere to specific password complexity rules, such as using a minimum length, including a mix of uppercase and lowercase letters, numbers, and special characters. These requirements enhance the strength of the new password.
- Password Confirmation: After entering the new password, the user typically needs to confirm it by entering it a second time. This ensures that the user doesn't make any typos when setting the new password.
- Successful Reset: Once the new password meets the system's requirements and matches the confirmation, the system will accept the new password, and the user will be prompted to enroll in MFA.
- Enroll in Multi-Factor Authentication: Once we enable our organization, and your account, for multi-factor authentication (MFA), you will be able to set up your user account to use it. This should only take a minute or so.
- Access Restored: With the new password successfully set and enrollment into MFA, the user can now access the system or application as usual.
Complex passwords are essential in a higher education environment for several important reasons:
- Data Security: Higher education institutions handle a vast amount of sensitive information, including student records, research data, and financial data. Complex passwords are a fundamental defense against unauthorized access to this valuable information.
- Compliance: Many educational institutions are subject to regulatory requirements like the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA), which mandate the protection of personal and healthcare data. Complex passwords are often a requirement for compliance.
- Preventing Unauthorized Access: With a large and diverse user base, higher education institutions are at greater risk of unauthorized access to accounts and systems. Complex passwords make it more challenging for unauthorized users to gain access.
- Preventing Data Breaches: Data breaches can have serious consequences, including reputational damage, legal issues, and financial costs. Complex passwords are an essential component of defense against data breaches.
- Protecting Research: Educational institutions often conduct cutting-edge research, some of which may be sensitive or proprietary. Complex passwords help protect this research from unauthorized access.
- Network and System Security: Higher education institutions rely on complex networks and systems. Weak passwords can be a vulnerability that malicious actors exploit to compromise these systems.
- Phishing Attacks: Phishing attacks, where attackers try to trick users into revealing their credentials, are common in educational environments. Complex passwords are harder for attackers to guess or crack, adding a layer of security.
- User Account Security: Complex passwords help safeguard individual user accounts. Compromised accounts can lead to various issues, including identity theft and unauthorized access to personal information.
- Preventing Unauthorized Sharing: In a shared educational environment, students and staff may be tempted to share login credentials. Complex passwords discourage this behavior, as sharing complex passwords can be more challenging.
- Teaching Good Security Practices: By requiring and promoting complex passwords, higher education institutions can educate students, faculty, and staff about the importance of cybersecurity and good password practices, preparing them for the workforce where similar practices are often required.
We are requiring complex passwords for your Google account for email and for your Microsoft account, which is tied to your Workday login, your on-campus network login, and your Banner account. To ensure the highest level of security, we have established the following password requirements:
Password Complexity Requirements:
1. Password Length: Your password must be a minimum of 10 characters long.
2. Complexity: The password should include a combination of uppercase and lowercase letters, numbers, and special characters (@, #, $, %, etc.).
3. Avoid Common Words: Please refrain from using easily guessable information such as your name, username, company name, or common dictionary words.
4. Password Updates: Required password changes will occur every 180 days (6 months), and it is recommended that you never reuse the same password across multiple accounts.
5. Account Lockout: After 5 unsuccessful login attempts, your account will be temporarily locked for 15 minutes for security reasons. If this happens and it is an emergency, please contact the IT support team to have your account unlocked immediately.
To help you create strong and memorable passwords, consider using passphrases—a combination of random words or phrases that are easy for you to recall but difficult for others to guess. For example, "Eagle@2023" is a strong passphrase that meets the requirements and is unique to you. Avoid using passwords that you have previously used or those associated with other personal accounts.
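
For administrators who want to see requirements 1, 2, 3 and 5 above expressed as checks, here is an added example in Python; it is not the institution's actual implementation. The function and class names, the short `COMMON_WORDS` list, the substring matching for guessable terms, and the choice to count consecutive failures are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

MIN_LENGTH = 10                    # requirement 1
MAX_FAILURES = 5                   # requirement 5
LOCKOUT = timedelta(minutes=15)    # requirement 5
# Constructed stand-in for a real dictionary / breached-password list.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein"}

def check_password(password, username, full_name):
    """Return the names of violated requirements (empty list = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    # Requirement 2: uppercase, lowercase, digit and special character.
    classes = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("complexity")
    # Requirement 3: no name, username or common word (assumed: substring match).
    lowered = password.lower()
    personal = [username] + full_name.split()
    banned = {w.lower() for w in personal if len(w) >= 3} | COMMON_WORDS
    if any(w in lowered for w in banned):
        problems.append("guessable")
    return problems

class LoginThrottle:
    """Requirement 5: lock for 15 minutes after 5 failed attempts."""
    def __init__(self):
        self.failures = {}      # username -> consecutive failure count
        self.locked_until = {}  # username -> time at which the lock expires

    def is_locked(self, user, now):
        return now < self.locked_until.get(user, datetime.min)

    def record(self, user, success, now):
        """Record one attempt; return True only if the login is accepted."""
        if self.is_locked(user, now):
            return False        # even a correct password is refused while locked
        if success:
            self.failures[user] = 0
            return True
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT
            self.failures[user] = 0
        return False
```

Requirement 4 (the 180-day change interval) is not covered here because it depends on stored password-change dates rather than on the password itself.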