The password rules implemented July 3, 2005 are required by the State Auditors and involve increasing the minimum complexity for passwords. The rules also require the removal of logon IDs that have not been used in a set time period. The following password / logon ID rules will be enforced:
- All passwords must be 8 characters in length and include at least one alphabetic and one numeric character. You may use &, # or $ but you may not use * or / in your password.
- A list of reserved words (such as aggies or gigem) will be checked to ensure that they are not included in the password.
- Passwords are required to be changed at an interval of no greater than 90 days.
- Logon IDs that have had seven (7) consecutive incorrect password attempts will be revoked.
- A recent history of passwords will be retained to prevent their reuse for a logon ID.
- Logon IDs that have not been used in a period of six (6) months will be revoked.
- Inactive logon IDs will be removed from the system six (6) months after their deactivation/revocation date.
- Files associated with the inactive logon IDs that were removed after a period of 1 year (6 months of inactivity + 6 months in an "inactive" status) will also be removed.