CNU Password Creation Standards and Guidance
University data must be protected at all times against threats such as malicious misuse, unauthorized intrusions, or inadvertent compromise. To protect university systems, as well as faculty, staff, and student users, CNU has instituted a more robust system of password requirements, and established a set of strong and consistent practices around account passwords. This documentation outlines the key requirements applied to all CNU passwords according to the current ISO standards, as well as additional guidance designed to help users protect their own accounts further.
Requirements
Current CNU password requirements are as follows:
Minimum length of 14 characters
Contains at least one uppercase and one lowercase letter
Contains at least one number
Contains at least one of the following special characters: '.', '!', '?', '-', '+', '^', '%'
Passwords are required to be changed every 90 days for accounts not linked with Multifactor Authentication of any kind. CNU passwords linked to MFA need to be changed on an annual basis. However, a password change will be required immediately if there is reason to believe the current password has been compromised.
IT Password Guidance
At this time, IT recommends the following techniques for generating a strong password:
Utilize Length: While CNU's minimum password length is 14 characters, there is no currently enforced maximum limit. The longer a password, the more difficult it is for bad actors to compromise.
Consider Passphrases: Using a phrase consisting of multiple words can help a user meet the required minimum character length in a way that is more easily memorable. In addition, special characters can be easily incorporated as punctuation.
Randomize: Using a randomized string of characters reduces the likelihood that a password can be easily guessed. If you are using a passphrase, use a random combination of at least four (4) words rather than a common phrase used in daily life.
Do Not Repeat Passwords: Your CNU SSO password should be unique, and not used for other logins (including other CNU logins not configured for SSO). In addition, your password should not be a repeat of passwords used previously on other systems, even if it is no longer the current password for those systems. Repeating passwords across multiple login systems increases the likelihood that the password can be compromised, and increases the risk to you should a breach occur.
Use a Password Manager: Remembering multiple passwords that meet all these requirements and recommendations can be difficult. However, passwords should NEVER be written down, stored in an unencrypted/unsecured data file, or stored in a web browser. If you need to store passwords for easier management, utilize a password manager such as 1Password that provides an encrypted 'vault' for safe storage. CNU also provides access to 1Password via Self Service, although we recommend reviewing our guidance on Password Manager platforms before installation.
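The following Python example is added here and is not part of CNU's own tooling: it checks a candidate password against the Requirements list above and builds a random passphrase of at least four words as described under Consider Passphrases and Randomize. The function names, the constructed sample word list and the two-digit suffix are assumptions made for the illustration.

```python
import math
import secrets
import string

SPECIALS = ".!?-+^%"   # special characters listed in the Requirements
MIN_LENGTH = 14        # minimum length from the Requirements

def policy_failures(password):
    """Return the requirements the password fails (empty list = compliant)."""
    checks = [
        (len(password) >= MIN_LENGTH, "shorter than 14 characters"),
        (any(c in string.ascii_uppercase for c in password), "no uppercase letter"),
        (any(c in string.ascii_lowercase for c in password), "no lowercase letter"),
        (any(c in string.digits for c in password), "no number"),
        (any(c in SPECIALS for c in password), "no listed special character"),
    ]
    return [reason for ok, reason in checks if not ok]

# Constructed 16-word sample list, for illustration only (an assumption).
# Use a list of several thousand words in practice: each randomly chosen
# word adds only log2(len(words)) bits of unpredictability.
SAMPLE_WORDS = ["amber", "bridge", "candle", "dolphin", "ember", "falcon",
                "garnet", "harbor", "island", "jasmine", "kettle", "lantern",
                "meadow", "nutmeg", "orchid", "pebble"]

def make_passphrase(words=SAMPLE_WORDS, count=4):
    """Build a passphrase of `count` random words that meets the requirements."""
    if count < 4:
        raise ValueError("the guidance calls for at least four words")
    for _ in range(100):
        # secrets draws from the OS CSPRNG, unlike the random module
        chosen = [secrets.choice(words).lower() for _ in range(count)]
        pos = secrets.randbelow(count)
        chosen[pos] = chosen[pos].capitalize()        # uppercase requirement
        sep = secrets.choice(SPECIALS)                # special character as punctuation
        phrase = sep.join(chosen) + sep + f"{secrets.randbelow(100):02d}"  # number
        if not policy_failures(phrase):
            return phrase
    raise ValueError("word list cannot reach the minimum length")

def word_entropy_bits(words, count=4):
    """Bits of entropy contributed by the random word choices alone."""
    return count * math.log2(len(set(words)))

if __name__ == "__main__":
    print(make_passphrase())
    print(policy_failures("correct horse battery staple"))
    print(word_entropy_bits(SAMPLE_WORDS))
```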