Strong Password Standard
Wayne State University
Wayne State University technology users are responsible for the security of their passwords. This responsibility is assigned in the university's Policy on the Acceptable Use of Information Technology Resources.
Purpose: This Strong Password Standard describes the requirements for acceptable password composition and maintenance by all Wayne State technology users. Its purpose is to reduce overall risk to the institution by helping WSU individuals reasonably avoid security and privacy risks that result from weak password choices.
Scope: This Standard applies to passwords used for all enterprise-level systems at Wayne State University. Adherence to the Strong Password Standard is the responsibility of each individual.
Composition: Wayne State technology users must observe the following requirements when selecting passwords:
- Password length: minimum of eight characters.
- Password complexity: must include at least one character from each of the following classes:
- lowercase letters
- uppercase letters
- numerals
- Password restrictions:
- Password cannot be found in common dictionaries, although you can use multiple words with a digit between them.
- Password cannot be a well-known or predictable phrase.
- Password cannot resemble the AccessID, birth date, or the name of the individual.
- Password history: The most recent password cannot be re-used.
Maintenance: passwords must be changed on a regular basis. Wayne State's Strong Password Standard calls for minimum password expiration cycles:
- Faculty, staff, student assistants, and guests must change their password at least once every 180 days. This includes Group AccessIDs.
- Students and retirees must change their password at least once every 360 days.
- Passwords that are not changed within the limits noted above are expired, and the individual must change his or her password during the next logon.
- The expiration cycle resets each time a password is successfully changed.
- An individual may change his or her password at any time—it is not necessary to wait for expiration.
- For AccessID passwords: individuals will receive an advance warning via e-mail of pending password expiration 2 weeks prior to and 3 days prior to expiration.
Protection: The integrity and secrecy of your password is a key element of your responsibility when using technology at Wayne State University. Treat your passwords as sensitive, confidential information. If someone demands to know your password, or if you suspect your password has been compromised, immediately report the incident to the Computing & Information Technology (C&IT) Help Desk at (313) 577-4778 or helpdesk@wayne.edu.
To help you maintain the integrity and secrecy of your password, here are some tips to remember:
- Never share your password with anyone, including managers, co-workers, administrative assistants, system administrators, family members, friends, or the C&IT Help Desk.
- Never reveal any passwords on questionnaires, via security forms, or in e-mails.
- Never talk about any of your passwords in front of others.
- Never hint at the format of any password (e.g., "my family name").
- Never write passwords down and store them near your computer.
- Never save passwords in Web browsers or computer programs; instead, type it in each time you need it.
- Never walk away from your computer without logging out, locking the keyboard, or invoking a password-protected screensaver.
Effective August 1, 2008; revised October 16, 2008
For additional help
