This article lists password requirements and provides guidance. Directions for setting your first password, changing your password, or setting a new password if you've forgotten it are here:
Article - Setting or Changing Your Pa...IC Password Policy
Passwords must:
- Be at least 12 characters long
- Exceptions:
- Passwords for "privileged accounts," such as those used by IT staff to manage systems must be at least 15 characters.
- Passwords for "service accounts" used by computers and software must be at least 20 characters.
- Have characters from three of these four groups:
- Upper case letter
- Lower case letter
- Number
- Special character, such as ! % * + - ? _
- Not contain your name, username, or common words like ithaca, password, 2026, etc.
- Be unique and never used anywhere else at any time.
- Not be a modified version of an old password, such as appending "26!"
Choosing a Password
- Good passwords are long, hard to guess, and easy to remember
- One or two words even with character substitutions like "4" for "A" is not good enough
- Passphrases can be good
- A passphrase is a series of five or more random words. They must not be a sentence or part of one, a quote, song lyrics, etc.
- Good passphrase: "picture coffee Wisconsin! 79278 Firefly"
- Bad passphrase: "Never gonna give you up."
- Consider adding a short random string of characters to strengthen your passphrase, like *Yy6r.
- Using the first letters of each word in a sentence can also be good
- Keep all the capitalization, numbers, and punctuation.
- "Zoe rented a 19 foot boat and went fishing on Cayuga Lake." becomes "Zra19'bawfoCL."
Password Managers
- It is difficult to remember more than a couple passwords. Don't write them down or store them unencrypted.
- Instead use a password manager like LastPass, BitWarden, or 1Password to generate and store random passwords for you
Only criminals will ask you for your password. Never enter it on a form!