Requirements for Acceptable Passwords

Passwords must conform to the criteria listed on this page to be accepted by the CITES Password Manager.

Requirements for all passwords

Length: Eight Characters or More
All passwords must be between 8 and 12 characters in length.

Three character classes
A password must contain at least one character from each of the following three character classes:

No invalid characters
A password may only contain valid characters. Valid characters include standard printable ASCII characters (uppercase and lowercase letters, numbers, and standard English punctuation). Invalid characters include white space characters (spaces and tabs), function keys, arrow keys, and accented letters.

No name or NetID fragments
A password may not contain forward or reverse fragments of three or more characters from the owner's name or NetID. For example, if John Doe has the NetID jdoe, his password cannot contain sequences such as jdo, ohn, or eod.

No large words
A password may not contain words five characters or longer in length. Smaller words are allowed. The word list used to verify passwords may include common foreign words, formal nouns (like names), and jargon not commonly found in traditional dictionaries.

No alphabetic sequences
A password may not contain forward or reverse alphabetic sequences of three or more letters. The case of the letter (uppercase or lowercase) does not matter. For example, these sequences are not allowed: abc, ZYX, mNo.

No numeric sequences
A password may not contain forward or reverse numeric sequences of three or more numbers. For example, these sequences are not allowed: 012, 876, 456.

No keyboard sequences
A password may not contain keyboard sequences of three or more characters. This includes horizontal, vertical, and diagonal rows of keys along with duplicate keys. For example, these sequences are not allowed: asd, qaz, ji9, xXx, 222.

No example passwords
A password may not match any of the example passwords ever used in CITES documentation.
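
The pattern rules above can be checked mechanically. The following Python sketch is an added example, not the CITES Password Manager's own code: it checks length, valid characters, name/NetID fragments, and alphabetic, numeric and keyboard sequences. The function names, the rule labels and the US QWERTY layout are assumptions; the character-class, word-list and example-password rules are left out because this page does not give their lists.

```python
import string

# Printable ASCII without white space, per "No invalid characters".
VALID = set(string.ascii_letters + string.digits + string.punctuation)
# Assumption: US QWERTY layout; the page does not name one.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def fragments(text, n=3):
    """All n-character windows of text and of its reverse, lowercased."""
    t = text.lower()
    return {s[i:i + n] for s in (t, t[::-1]) for i in range(len(s) - n + 1)}


def keyboard_runs():
    """Three-key runs: along each row, and down three rows on both diagonals."""
    runs = set()
    for row in ROWS:
        runs |= fragments(row)
    for r in range(len(ROWS) - 2):
        for d in (0, 1):  # d=0 yields q-a-z, d=1 yields 9-i-j (reverse: ji9)
            for i in range(2 * d, 10):
                cols = (i, i - d, i - 2 * d)
                if all(c < len(ROWS[r + k]) for k, c in enumerate(cols)):
                    runs |= fragments("".join(ROWS[r + k][c] for k, c in enumerate(cols)))
    return runs


def violations(password, name, netid):
    """Return the names of the rules on this page that the password breaks."""
    found = []
    if not 8 <= len(password) <= 12:
        found.append("length")
    if not set(password) <= VALID:
        found.append("invalid characters")
    windows = fragments(password)
    owner = set()
    for part in name.split() + [netid]:
        owner |= fragments(part)
    if windows & owner:
        found.append("name or NetID fragment")
    if windows & fragments(string.ascii_lowercase):
        found.append("alphabetic sequence")
    if windows & fragments(string.digits):
        found.append("numeric sequence")
    repeats = {c * 3 for c in password.lower()}  # duplicate keys such as xXx, 222
    if windows & (keyboard_runs() | repeats):
        found.append("keyboard sequence")
    return found
```

A run of digits such as 876 is reported under both the numeric and the keyboard rule, because it also lies along the number row.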

Additional requirements for NetID passwords

Cannot use last password
Your new NetID password may not be the same as your current NetID password. You may, however, reuse older passwords.

Minimum life of 24 hours
Once you change your NetID password, you cannot change it again for 24 hours.

Maximum life of one year
NetID passwords expire one year after they are set. If your NetID password expires, it cannot be used until you change it.

About these requirements

These password rules are derived from the requirements set forth by the University Technical Management Team (UTMT), which comprises the Chief Information Officers (CIOs) from the three University of Illinois campuses, University Administration, and the Hospital. The UTMT is responsible for enacting and enforcing data security policies under the University of Illinois Information Security Policy, which can be found in the Campus Administrative Manual of the University of Illinois. To contact a member of the Urbana campus CIO's office, send mail to <cio@uiuc.edu>.