Password complexity policies are designed to deter brute force attacks by increasing the number of possible passwords. New passwords must meet the following guidelines:
- The password does not contain all or part of the account name, first name or last name of the user. Part of an account name is defined as three or more consecutive alphanumeric characters delimited on both ends by white space such as space, tab, and return, or any of the following characters: comma (,), period (.), hyphen (-), underscore (_), or number sign (#).
- The password is at least eight characters long.
- The password contains characters from three of the following four categories:
Approved by the Information Technology Committee, October 13, 2016