Password Guidelines

The following guidelines should be adopted as the minimum baseline password standard for computer systems at Washington University.


Require that:

  • Passwords be at least five characters in length and sufficiently complex.
  • Passwords be changed at least every 90 days.
  • Security software disables and revokes passwords following no more than eight unsuccessful log-on attempts.
  • Security software disallows the reuse of passwords for five generations or more.


Where software permits:

  • Require that files containing passwords are one-way encrypted.
  • Require passwords to be entered in non-display fields.
  • Set the initial passwords (issued by the system administrator) to be valid for one log-on only, and require a forced password change following the initial log-on.


Approved by the Washington University Board of Trustees Audit Committee December 3, 2004.
Revised July 11, 2006 per PWC


© 2006 Washington University in St. Louis, One Brookings Drive, St. Louis, MO 63130