Password Policy
- Must be 8 characters long
- Must include at least one (1) number and (1) special character (!, @, #, $, %, ^, &, *, ?, <, >, |, /)
- May not contain repetitive or sequential characters (e.g. 'aaaa', '1234', 'abcd')
- May not contain context specific words such as name of the service, the user's first or last name, the username and derivatives thereof
NOTE: We encourage the use of passphrases. A passphrase is a series of words or other text strung together that hold meaning to the user but not to anyone else. When combined with the rules for complex passwords they can be very secure (Ex: MyBlu3NiS$@n, 0urD0gM@x)
Password Maintenace
- Passwords will need to be updated every 90 days. A notification will be provided within the system beginning 10 days prior to password expiration.
- Passwords cannot be re-used or rotated within ten previous password changes
- All accounts shall be locked out on the third-consecutive unsuccessful logon attempt. The system may release a locked-out account after 30 minutes has elasped. Additionally, an authorized system administrator can unlock accounts prior to 30 minute time period expiration upon request.