Passwords
Password lifecycle policies are based on the Texas A&M Information Security Controls Catalog.
| Policy | Implementation |
|---|---|
| Minimum Length | 8 Characters |
| Maximum Length | 128 Characters |
| Maximum Age | Less Than 16 Characters: 365 Days Greater Than 16 Characters: Never Expires |
| Expiration Warnings | Once Per Week For 3 weeks |
| Max Failed Attempts Before Lockout | 7 |
| Lockout Duration | 15 Minutes |
Requirements
- A password must contain at least eight and at most 128 characters.
- A password must contain at least one (1) lowercase letter.
- A password must contain at least one (1) uppercase letter.
- A password must contain at least one (1) non-alphabetic symbol.
- A password must contain only the following characters: a-z, A-Z, 0-9,
~!@#$%^&*()-_=+\[{\]}|:;'<.>?/ - A password may not contain the user's birthday, UIN, or NetID.
- A password may not contain a single dictionary word, but can contain multiple dictionary words
- A password may not contain words connected to Texas A&M culture, including but not limited to:
aggie,whoop,hullabaloo,bonfire, andreveille
Other Notes
- Failed attempts before lockout counts the number of attempts a user may have to enter a correct NetID password before the account is frozen and may not be accessed.
- Once an account is frozen, a specific amount of time must pass before the account is automatically unlocked, the failed attempts count is set to zero and the user may again attempt to enter a correct NetID password.
- Campus members can always reset their password by appearing in person with a photo ID.
- If your password is 16 characters or longer, it will never expire. However, in the event of your account being compromised you will still be required to change your password.