Password Construction Guidelines

A Guide to NAU's Password Complexity Rules

Here is an explanation of the complexity rules that are in place on the password change application page.

Password Complexity Requirements

Passwords chosen must:
  • be a minimum of seven (7) characters in length
  • be a maximum length of (128) characters
  • contain at least one (1) character from three (3) of the following categories:
    • Uppercase letter (A-Z)
    • Lowercase letter (a-z)
    • Digit (0-9) or Special character `~!@#$%^&*()_+-={}|\:";'<>?,./

Password Expiration

This requirement establishes the amount of time (in days) that a password can be used before the system requires you to change it. Faculty and staff are required to change their password every 90 days.  For students, this rule is relaxed to every 120 days - roughly once per semester.  Passwords should be changed periodically because, over time, the possibility that they have been exposed in some way increases.  Regular changing of passwords also helps discourage the use of NAU account passwords on other systems that are less secure, such as social networking, gaming, and streaming media sites.

Password History

The password change system will not allow reuse of the last four (4) passwords.  A new password must be chosen whenever you change your password.  This is to improve the effectiveness of the password expiration rule.  It would not be of much benefit to require password changes if one could simply reuse the old one.

These changes will only help to protect your password to the extent that you do. Remember that it is against the NAU Acceptable Use policy to share your password. If you follow the guidelines above and protect your password, you will be taking a big step toward protecting the university's and your own information.