Password Policy FAQs

Password Policy FAQs:

Why is the password policy changing?

The password revisions create a better user experience and increase security while keeping current with computing trends.

Will this password revision affect UKHealthCare employees?

Yes and No. UKHealthCare employees have a separate password policy.  However, the default password for new MC link blue accounts and reset MC link blue accounts will also be u$ followed by the last six digits of the UK ID number and then blue (e.g. u$123456blue).   The separate policy allows MC to choose an 8 character minimum password AFTER the initial 12 character default password is created.

What is considered a safe password under the revised policy?

A safe password uses uppercase and special characters and is at least 12 characters long.  It is not a word in the dictionary. For example: &Wild&C8tz!a

Why is the password length requirement different for AD users and MC?
The password length requirement is different for AD users and MC users because of different regulations and data sensitivity levels. 

When will my password be affected by this revised policy?

After the implementation date, when a current password expires or a user decides to change his/her password, the new password will have the revised password policy applied.

Will every users’ password change at once?

No, after the implementation date, when a user’s current password expires or a user decides to change their password, their password will follow the new revision policy.

Why was the lockout policy changed?

Most users have multiple devices and have to change the password on every device. Often times, users have been locked out during this process because the passwords were not changed quickly enough on all devices before meeting the lower lockout threshold. In order to help users avoid this problem, the lockout threshold increased to 150 attempts.

Does the new policy increase safety?

Yes and no.  A 12-character password has less risk against multiple vulnerabilities. However, common sense is still needed as even the strongest password is weak if given away. Be sure never to give anyone your password, be careful online, and NEVER type your password into an email. UK will never ask you for your password. Never!

859-218-HELP (859-218-4357) 218help@uky.edu