Password Policy

Stanislaus State Password Standard

Length and Complexity 

  • Passwords must be between 12 and 127 characters 
  • Passwords must contain three of the following four:
    • Upper Case Letter (A-Z) 
    • Lower Case Letter (a-z) 
    • Number (0 through 9) 
    • Symbol that can be pronounced (no foreign characters) 

Your Password

  • Cannot be the same as or contain your previous five (5) passwords
  • Cannot contain self-identifiers, e.g., any part of your name, email, SSN, ID number, addresses, phone numbers, birthdate, etc.
  • Cannot contain the word password
  • Cannot contain any part of the University name

Expiration 

All passwords shall expire every 180 days [6 months]. 

Account Lockouts 

Accounts shall be locked out after 5 (five) consecutive failed login attempts. Lockout duration shall be 60 minutes, unlocked after 60 minutes
  (Faculty: unless unlocked using reset server). 

Reusing Passwords 

Passwords can be re-used following five password resets.

Reset Password

Faculty/Staff:  When your profile is complete, you can login to reset.csustan.edu and verify your account to reset/change your password.
If you’ve failed your login too many times, and your account has been locked, you can use this server to unlock your account. 
OIT strongly recommends that all Stan State faculty/staff register for this service.
If a user has not registered with this service, the faculty/staff member can contact the Technology Support Desk (L-150) for assistance with password resets and unlocking the account (must be done in person in the Library with appropriate identification presented at time of reset/unlock).

After Resetting Your Password

Immediately update all your devices (phones, laptops, tablets, etc.), your browser’s saved password caches, your password manager, and email apps after each password reset.

Failure to update devices and apps could result in their attempting to connect to University services using the old password, causing a lockout.

How to Create a Strong Password that Meets the Requirements

There are many methods for creating unique and difficult to guess (and crack) passwords.  With the password length increasing, the complexity of the password becomes less of an issue.  Passwords like P&^gUx4% are almost impossible to remember, often get written down somewhere, and are actually a lot easier to guess than you would expect.  Longer, easy to remember passwords are the key to better security.

The easiest to remember long passwords are ones in which you use normal unrelated words in a password phrase, inserting a number or symbol somewhere for added complexity. 

Examples:  Frame4SkyCrystalBalloons! or Squirrel2Mars4Marshmellow@Stone
 - The key to these passphrases is that the words are not directly related to each other (and not normally next to each other in normal phrases), the first letter of each word is capitalized (you could use any pattern), and numbers and symbols are inserted to add complexity.  These are easy to remember, and can even be visualized to assist your memory.

Another popular method is to create a sentence that you can remember easily, and then type only the first letter of each word for the password. 
 
Sample sentence: When I was in 5th grade I got my first bike that was red with a black seat
  - The resulting password would be WIwi5gIgmfbtwrwabs 
  - This password has upper case letters, lower case letters, and a number to meet the new password requirements
 
This Google search has information about creating secure passwords.

Reminders

  • Do not share any of your passwords or have them in plain sight.
  • If you must keep a record of your password, place it in a safe, locked location; or use a secure password manager app on your mobile device or computer.

Contact the Technology Support Desk, 667-3687, L-150, when you have questions about passwords.

Bb 10/17