As a continued practice, the Information Technology (IT) department reviews its systems and controls to ensure that the University community, systems, and data are appropriately safeguarded. Given the implementation of MFA for all University accounts and in accordance with federal and industry best practices, the following are the password requirements for all NEOMED accounts, in alignment with our Password Policy.
What are the Password Requirements?
- For a majority of NEOMED users, there will be no password expiration.
- Some account types, such as privileged (administrative) users and PCI DSS users, will still adhere to periodic password changes every 90 days.
- Minimum password length will be fourteen (14) characters.
- Password complexity will be retained (currently in effect.) As a reminder, this means that your password:
- Must not contain your NEOMED username or parts of your full name; and
- Must contain characters from three of the following categories:
- Uppercase letters
- Lowercase letters
- Numbers 0-9
- Non-alphanumeric characters (special characters): (~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/)
- Any Unicode character that's categorized as an alphabetic character but isn't uppercase or lowercase. This group includes Unicode characters from Asian languages.
Password Expiration
In accordance with the University Password Policy, most users are not required to change their passwords at fixed intervals. Some account types, such as Privileged and PCI DSS users, must still change their password every 90 days. However, in all cases, IT reserves the right to reset a user’s password in the event a compromise is suspected, reported, or confirmed. This helps prevent an attacker from making use of a password that may have been discovered or otherwise disclosed.