Password Best Practice
All sensitive data environment systems should have a unique user ID and a private password. Each employee is personally responsible for the usage of his or her user ID and password.
Password Requirements
All User IDs with access to the sensitive data environment should utilize a strong password and meet the following minimum requirements:
- Every 90 days for employees
- Every 180 days for students
12 characters
New password should not be same as any of last 5 passwords used
- A maximum of 5 failed log-in attempts
- Lockout period should be 30 minutes or until a System Admin removes lock.
After 15 minutes of inactivity
Compare password to a commonly-used password dictionary to block the use of compromised
or weak passwords
All printable and Unicode characters as well as spaces.
