Strong Password Standard
1. Background and Rationale
The policy states that Notre Dame computer users are responsible for their use of and access to data and technology on campus. The integrity and secrecy of an individual's password is a key element of that responsibility.
This standard describes the University's requirements for acceptable password selection and maintenance. Its purpose is to reduce overall risk to the institution by helping computer users reasonably avoid security and privacy risks that result from weak password choices and to encourage attention to password secrecy.
2. Password Composition
NetID passwords must meet the following requirements:
Password minimum length: A password must be no fewer than eight characters.
, in combination with password complexity, makes a password difficult to guess and less vulnerable to brute force attacks. Though technology constraints may impose maximum length or other restrictions, use of "Pass Phrases" - memorable short sentences instead of single words – should be used where possible.
Password complexity: A password must include at least 1 character from 3* different character classes.
is the combination of characters in different classes that comprise the password. Password must include character from 3 or the following classes:
- Uppercase letters: A-Z
- Lowercase letters: a-z
- Numbers: 0-9
- Non-alphanumeric characters: for example $, !, #
Difficult to Guess or Break
- Passwords should not be composed of a single common word or be a predictable phrase, e.g. “GoIrish1” or “NotreDame2016” are poor choices for a password. Birthdays are also poor choices sine they are very easily guessed.
- Password must not resemble the NetID or the name of the account holder. Family names should also be avoided.
*Guest NetIDs only require 2 character classes.
3. Non-Expiring Passwords
A Notre Dame computer user is not required to change their password unless their user account password has been compromised. If a user’s password is compromised or suspected to be, the OIT Help Desk will reset the user’s password and contact the user.
NetID users may change their password at any time at password.nd.edu.
4. Reuse of Passwords
A NetID password must never be used with systems or services that do not participate in Notre Dame enterprise authentication.
Exceptions to these standards require the approval of the University’s Director of Information Security.
Notre Dame ranks #6
on IDG's Computerworld
Best Places to
Work in IT 2016