What are the requirements for my password?

When creating a new password, it must:

• Must contain at least 1 letter.
• Must contain at least 1 number or punctuation mark.
• Must NOT contain spaces.
• Must be between 8 and 16 characters long.
• Must contain more than 4 unique characters.
• May not contain easily guessed words, e.g. purdue, boiler.
• May not contain your name or parts of your name.
• Must be a different password than the previous password.
• Passwords may not be re-used for 1 year.

Security for all passwords

• Some individuals must change their password at least once every 90 days, others must change theirs every 180 days
• Passwords never should be stored on your computer or written down and stored in plain sight (e.g., taped to the bottom of your computer keyboard).
• If a password must be written down, it should be locked up and stored in a place that is difficult for others to access.
• Passwords may be used only by you. Do not share your password with anyone.

Caution: If you suspect your password has been compromised, it should be changed immediately.

When picking passwords, avoid the following

• Your name, spouse's name, or partner's name.
• Your pet's name or your child's name.
• Names of close friends or coworkers.
• Names of your favorite fantasy characters.
• Your boss's name.
• Anyone's name.
• The name of the operating system you're using.
• Information in the GECOS field of your password file entry.
• The host name of your computer.
• Your phone number or your license plate number.
• Any part of your social security number.
• Anyone's birth date.
• Other information easily obtained about you (example: address, alma mater, etc...).
• Words such as wizard, guru, Gandalf, boiler, Purdue, Pete, and so on.
• Any username on the computer in any form.
• A word in the English dictionary or in a foreign dictionary.
• Place names or any proper nouns.
• Passwords all the same letter.
• Simple patterns of letters on the keyboard (example: qwerty).
• Any of the above spelled backwards.
• Any of the above followed or preceded by a single digit.
• Password examples that have been published anywhere, including the examples in this document.

Troubleshooting

Using one Password for multiple systems: If you are looking to use one password across all systems, the only common denominator would be an 8 character password with a number (no special characters).  Purdues1 and Abcdefg5 would be acceptable across all systems.  However, your next password cannot be too similar to the password you're currently using when you change it (e.g. Purdue2 from Purdues1) .

Resetting your password may not allow you access:

• Some systems use the career account to authenticate but also assign permissions of their own.  Although you are using your correct password and login, you cannot gain access without permissions to that particular system.
• Some systems do not handle passwords longer than 8 characters or do not recognize special characters.
• Some systems require a 90 day password change.  You will be able to log into ITaP on the 'Change your password' link, but still unable to log into a page/system.

For tips on creating a good password, please see:  Secure Purdue Best Practices.

For more information on Purdue University's Authentication and Authorization policy, as well as other policies related to information technology, please see IT policies.