Skip to main content

Passwords

Password lifecycle policies are based on the Texas A&M Information Security Controls Catalog.

PolicyImplementation
Minimum Length8 Characters
Maximum Length128 Characters
Maximum AgeLess Than 16 Characters: 365 Days
Greater Than 16 Characters: Never Expires
Expiration WarningsOnce Per Week For 3 weeks
Max Failed Attempts Before Lockout7
Lockout Duration15 Minutes

Requirements

  • A password must contain at least eight and at most 128 characters.
  • A password must contain at least one (1) lowercase letter.
  • A password must contain at least one (1) uppercase letter.
  • A password must contain at least one (1) non-alphabetic symbol.
  • A password must contain only the following characters: a-z, A-Z, 0-9, ~!@#$%^&*()-_=+\[{\]}|:;'<.>?/
  • A password may not contain the user's birthday, UIN, or NetID.
  • A password may not contain a single dictionary word, but can contain multiple dictionary words
  • A password may not contain words connected to Texas A&M culture, including but not limited to: aggie, whoop, hullabaloo, bonfire, and reveille

Other Notes

  • Failed attempts before lockout counts the number of attempts a user may have to enter a correct NetID password before the account is frozen and may not be accessed.
  • Once an account is frozen, a specific amount of time must pass before the account is automatically unlocked, the failed attempts count is set to zero and the user may again attempt to enter a correct NetID password.
  • Campus members can always reset their password by appearing in person with a photo ID.
  • If your password is 16 characters or longer, it will never expire. However, in the event of your account being compromised you will still be required to change your password.