Password Standard 

 

Purpose 

To outline the password complexity rules for accounts used on any university Information Technology Resource (ITR). 

 

Scope 

This applies to all accounts on any ITR administered by university employees. 

 

Standard 

User passwords 

User passwords must meet one of the following rulesets: 

  1. 8 characters in length with at least 1 number and at least 1 alpha or special character
  2. 14 characters in length 

User passwords for accounts that do not use multi-factor authentication (MFA) are required to be changed annually.  User passwords for accounts that use MFA are only required to be changed when it is believed that someone else has acquired the password. 

Service account passwords 

Service account passwords must meet one of the following rulesets: 

  1. 20 characters in length with at least 2 numbers, 2 lowercase letters, 2 uppercase letters, and 2 special characters 
  2. 28 characters in length and containing only letters 
  3. 40 characters in length and containing only numbers 

Passwords for service accounts that are unable to meet any of the above rulesets must be changed at a frequency set by the Chief Information Security Officer (CISO).  A service account password must be changed when an individual who knows the password either changes to a role that no longer requires knowledge of the password or leaves the university. 

All service account passwords must be stored in the university’s approved password management system. 

Exceptions 

All exceptions to this standard require written approval from the Chief Information Security Officer.  All exceptions require annual renewal. 

 

Appendix 

Definitions and Terms 

Information Technology Resources (ITR) – This includes, but is not limited to, end-user computing devices, services, networks, email, software, printers, scanners, video distribution systems, telephone systems, fax systems, and other computer hardware and software, whether owned by the university or contracted by the university from a third party.  

Approved password management system 

The university’s approved password management system is LastPass. 

 

Revision History 

August 2024 – Standard adopted