Minimum Passphrase Standard

Tell a friend about this page.
All fields required.
Can be sent to only one email address at a time.
Share Facebook Icon Twitter Icon

Minimum Passphrase Standard


Approved: Chief Information Officer
Policy No.:
7.420
Supersedes Policy Dated:
None
Effective Date:
May 27, 2004
Review Date:
September 9, 2011
Person with Primary Responsibility:
Director of IT Security

Purpose


Passphrases are used to authenticate users for access to university computing systems and electronic information. A compromised passphrase can risk disclosure of more than just an individual's e-mail and personal files. It almost always risks disclosure of other sensitive information related to student affairs, personnel issues and patient care. The purpose of this standard is to ensure that all users select strong passphrases that are difficult to guess, crack or otherwise compromise.

Required Standards


The following minimum requirements shall apply to all computing systems attached to the East Carolina University campus computing network.

  1. Passphrases shall be at least 8 characters in length and contain characters from 3 of the 4 character classes below:
  • Numeral
  • Upper case letter
  • Lower case letter
  • Special character (e.g., !, @, #, *, ?)
  1. Passphrases shall be changed at a minimum of once every 90 days and must not use any of the account's previous 6 passwords
  1. Computing systems or computer accounts that cannot meet all of the above standards must be approved by the Director of IT Security. 

References


System Administration, Network, and Security (SANS) Institute Passphrase Policy, www.sans.org/resources/policies/Password_Policy.pdf (pdf)

UNC-CH passphrase requirements, http://help.unc.edu/?id=1552


Contact US

Need Help?
Give To East Carolina University