• weather Alert ✖CLOSE

    Due to winter weather, the university will operate on condition 2—suspended operations—until 11 a.m. Thursday, January 18. The university will operate on condition 1--reduced operations--from 11 a.m. until 5 p.m. Thursday. More information can be found at: uncp.edu/news/winter-weather-wednesday-january-17


Division of Information Technology
Division of Information Technology
UNCP Home Student Services Division of Information Technology Computer Security Password Requirements
  • A
  • A

Password Requirements

Based on the Information Systems Access Policy (DoIT 01 01), DoIT requires a strong password to protect the University's data and systems.

Password requirements

  • Must consist of a minimum of eight (8) characters
  • Must contain at least one character from three (3) of the following four (4) categories:
    • Uppercase letters (Examples: A, B, C, D, E)
    • Lowercase letters (Examples: a, b, c, d, e)
    • Digits (Examples: 1, 2, 3, 4, 5)
    • Symbols (Examples: ~, !, @, #, $, %, ?)
  • Shall not contain more than two (2) consecutive letters from the full name or username
  • Shall not contain dictionary words or abbreviations
  • Shall not contain dictionary words or abbreviations modified by substituting special characters or digits for letters

When to change passwords

  • Whenever there is a chance that the password or the system could be compromised.
  • Whenever the password may have been revealed to an unauthorized party.

Click here to change your password.

Password guidelines

  • Do not reuse the same passwords until a minimum of six additional distinct passwords has been used
  • Do not use the passwords used on university systems on external, non-university systems
  • Do not store passwords in Web browsers or other applications
  • Do not write down or email passwords

Other requirements for specific accounts

Typical user accounts

  • Expirations: Every ninety (90) days for ordinary accounts
  • Account lockout: After five (5) failed authentication attempts for ordinary accounts

User accounts with system privileges

  • Expirations: Every thirty (30) days for those with system privileges beyond a typical user account on the system
  • Account lockout: After three (3) failed authentication attempts for those with system privileges
  • Passwords shall be different from all other passwords for accounts used by the user.

Service accounts (an account created by system administrators or vendors for automated use by an application, operating system or network device)

  • Change passwords 1) at least every 180 days; 2) promptly following the separation of any employee with access to the password.
  • Passwords shall not be configured to automatically expire.

Accounts for visitors, contractors and other third parties

  • Passwords shall not be disclosed to these parties until such time as they are needed.
  • Passwords shall be immediately changed upon completion of access purpose.

Alumni accounts may be exempt for password-reset requirements if those accounts do not provide access to protected or sensitive data.