“12 for 12” password rules for employees go into effect April 8

The CU logo made out of keyboard keys

Editor’s Note: Due to technical issues, the new passphrase requirements will go into effect April 8. The initial version listed Feb. 11.

Starting April 8, faculty and staff will only have to change their passwords once every 12 months as the Office of Information Technology adopts new security measures for campus employees.

New passwords will now have to be at least 12 characters but will no longer require capitalization or special character requirements. Greg Williams, director of operations for OIT, said it’s easier for users to consider the new password as a “passphrase” with multiple words or a sentence that makes it easier to remember but is not easily guessed.

“We know that having to change passwords every three months was a chore for a lot of our employees, because you probably needed to update it on your laptop, tablet and phone,” Williams said. “It’s now a longer requirement, but by removing the need to include a special character or a capital letter, the length of the new passphrase becomes the strength that maintains, and even increases, the level of security on a person’s account.”

Williams said that the current requirements are similar to those used by other services, like banks and credit cards, and people often use the same set of passwords across those accounts. If one of those accounts were compromised and you used the same username and password combination on other websites, the attacker could gain access to those websites as well. It’s best to always have different passwords or better yet, passphrases, for different sites.

The Information Security Office provides resources for the campus on phishing attacks, virus and malware software, compliance and regulatory procedures, and security standards that can be used by any campus user.

1 Comment on “12 for 12” password rules for employees go into effect April 8

Leave a Reply

Your email address will not be published.