The Passwords must meet the following complexity requirements.

1). The password must have a minimum password length of 8 characters.

2). The password may not contain user's Account Name or entire Full Name value.

• For example, a user with the full name "Erin M. Hagens" and the username “ehagens” could not have a password that included either "erin" or "hagens" or “ehagens” anywhere in the password.
  

3). The password contains characters from three of the following categories:

• Uppercase letters
  
• Lowercase letters
  
• Base 10 digits (0 through 9)
  
• Non-alphanumeric characters (special characters) (for example, !, $, #, %)
  
• Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.
  

Password Change:

To comply with the current security policy all users are required to change their network password every 120 days.

Please be aware of the two important security settings that are part of this policy.

• Minimum password age is 2 days, meaning that a password must be used for 2 days before it can be changed again.
  
• Password history is set to 7, this setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.
  

Password Protection:

Passwords must not be shared with anyone. All passwords are to be treated as sensitive, confidential company information.

Passwords must not be inserted into email messages, helpdesk tickets or other forms of electronic communication.

Passwords must not be revealed over the phone to anyone.

Do not reveal a password on questionnaires or security forms.

Do not share company passwords with anyone, including administrative assistants, secretaries, managers, co-workers while on vacation, and family members.

Do not write passwords down and store them anywhere in your office. Do not store passwords in a file on a computer system or mobile devices (phone, tablet)