University of Kentucky Computer Password Policy
Purpose:
Establish a best-practice for using strong passwords, as complex as the host system allows.
Characteristics:
| 1. Minimum Length | 8 characters. On systems with a maximum password length of less than 8 characters, use the maximum length that the system supports. |
| 2. Expiration | 90 days or less. |
| 3. Password History | 8 password changes are required before reusing a previous password. (To prevent recycling passwords.) |
| 4. Minimum Password Age | 1 day. You may only change your password once each day. (To prevent recycling passwords.) |
| 5. Lockout | After 5 unsuccessful log-on attempts. The password may be unlocked automatically by the system after 30 minutes, or by request to an authorized person who must verify the identity of the requestor. |
| 5. Composition |
Must contain characters from three of these categories, and be enforced when a password is created or changed:
|
| 6. Inactivity Timeout | 60 minutes. Interactive terminal sessions must be timed out by the application or host service. |
For additional suggestions, visit the Suggestions for Keeping Passwords More Secure information page.
This document is part of the UK Password Requirements web site.
For the UK Medical Center systems, please review the Medical Center Password Requirements.
About IT Technical Assistance
This document is maintained and copyright 2002-2007 by the University of Kentucky Information Technology Customer Service Center for the students, faculty and staff of the University. All rights reserved. Duplication of this document is permitted to the aforementioned audience.
Chapter 1 Subhead 1
Chapter 1 Subhead 2
Begin Document
For More Assistance
Please contact the IT Customer Service Center if you have any questions or problems while following these instructions. The IT CSC is open from 7AM to 6PM Monday through Friday. You may come directly to the CSC at 111 McVey Hall. You may also reach the CSC by phone (859.257.1300) or email (helpdesk@uky.edu).