Summary

This article explains password security standards, including what a password must contain and what it should contain.


Details

The Washington State Office of the Chief Information Officer (OCIO) has published IT security standards for State Agencies. Community Colleges of Spokane complies with these standards.


Standards for Passwords used for Internal/External Authentication

A password for your CCS Account or Bigfoot Account MUST:

  • Be a minimum of 10 characters long and contain at least three of the following character classes: uppercase letters, lowercase letters, numerals, special characters (for example: !, $, #, %) - WA OCIO Standard 6.2(5)a
  • Not contain the user’s name, UserID or any form of their full name - WA OCIO Standard 6.2(5)b
  • Be significantly different from the previous four passwords. Passwords that increment (Password1, Password2, Password3 ...) are not considered significantly different - WA OCIO Standard 6.2(5)d

NOTE: These requirements are enforced by administrative configuration settings. - WA OCIO Standard 6.2(1)
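
The MUST rules above, written out as a checker. This is an added Python example, not code from CCS or the OCIO standard; the account `jsmith` / `Jordan Smith`, the sample passwords, the three-character minimum for name parts, and the reading of "significantly different" as "same text after removing a trailing number" are assumptions made for the illustration.

```python
import re
from string import digits

MIN_LENGTH = 10    # 6.2(5)a
MIN_CLASSES = 3    # 6.2(5)a: three of the four character classes
HISTORY_DEPTH = 4  # 6.2(5)d: previous four passwords


def character_classes(password):
    """Count how many of the four character classes appear."""
    return sum([
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),  # specials, incl. spaces
    ])


def _stem(password):
    # Assumed reading of "significantly different": drop a trailing
    # counter so Password1 and Password2 compare as equal.
    return password.rstrip(digits).lower() or password


def check_password(password, user_id, full_name, previous=()):
    """Return the violated MUST rules; an empty list means compliant.

    `previous` holds earlier passwords, oldest first (constructed input;
    a system that stores only hashes cannot run the stem comparison).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("6.2(5)a: shorter than 10 characters")
    if character_classes(password) < MIN_CLASSES:
        problems.append("6.2(5)a: fewer than three character classes")
    # Assumption: name parts under 3 characters are too short to match on.
    tokens = [user_id] + re.split(r"[\s\-]+", full_name)
    lowered = password.lower()
    if any(len(t) >= 3 and t.lower() in lowered for t in tokens):
        problems.append("6.2(5)b: contains the user's name or UserID")
    recent = list(previous)[-HISTORY_DEPTH:]
    if any(_stem(old) == _stem(password) for old in recent):
        problems.append("6.2(5)d: too similar to a recent password")
    return problems


if __name__ == "__main__":
    # Constructed account and passwords, for illustration only.
    for pw in ("Spokane-River7", "correct horse battery staple"):
        print(pw, check_password(pw, "jsmith", "Jordan Smith",
                                 previous=["Spokane-River6"]))
```

An all-lowercase passphrase with spaces has only two character classes, so it fails 6.2(5)a until a third class is added.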


A password for your CCS Account or Bigfoot Account SHOULD:

  • Not consist of a single complete dictionary word, but can include a passphrase - WA OCIO Standard 6.2(5)c

NOTE: This guideline is recommended by IT security staff. - WA OCIO Standard 6.2(1)


Password Tips

Many other factors affect the strength of a password (how likely it is to be guessed or broken by password-breaking software). Even a password that follows our internal requirements can be easy to break.

For those interested in selecting strong passwords, The Password Meter is an excellent place to test your passwords. It will provide a score for any password you test and make suggestions as to where you can improve the complexity.