At least 12 characters – Best practice is to use a passphrase rather than a password. You can have absolutely have a longer password if you choose – the longer the stronger!  Examples of passphrases include: “April Showers,” “Go Cards 2019!,” “Wrigley Field is the B3st,” “I need a drink NOW!,” “Is it Friday yet?”  (Something that makes you smile when you type it might be a good thing.)

Must be complex – Your password must contain 3 of the following 4 types of characters:

• upper case letters (ABCDE etc.)
• lower case letters (abcde etc.)
• numbers (12345 etc.)
• symbols (@#$% /- etc.)

Details

• At least 12 characters
• Must be complex: contain at least 3 of these 4 types of characters: Upper case letters, lower case letters, numbers, symbols
• Changed once every  six months (180 days)
• Changed not more frequently than every two (2) days
• Different from previous 6 passwords – BEST PRACTICE is to NEVER reuse passwords!
• NOT include all or part of the UserName
• NOT stored in readable form where unauthorized person may discover them (i.e., no sticky notes)
• NOT include repeated characters; alphabetic, numeric or keyboard sequences, dictionary words, or easily identifiable information