Password Requirements & Creation Tips
Overview
This article explains password security standards. To keep your accounts secure and meet Washington State IT security standards, all users must follow established minimum password requirements when accessing systems such as Employee/Student Email Accounts and ctcLink/Canvas Accounts.
For Employee/Student Email Accounts
-
Length: At least 10 characters
-
Complexity:Must include at least three of the following:
- Uppercase letter (A–Z)
- Lowercase letter (a–z)
- Number (0–9)
- Special character (!, @, #, $, etc.)
-
Restrictions: Cannot include your name, birthdate, or ID number
-
Uniqueness: Must be significantly different from your last 4 passwords
For ctcLink/Canvas Accounts
-
Length:At least 8 characters
- Uppercase letter (A–Z)
- Lowercase letter (a–z)
- Number (0–9)
- Special characters are optional but encouraged
-
Restrictions: Cannot include your name, birthdate, or ID number
-
Uniqueness: Must be significantly different from your last 4 passwords
Tips for Creating Strong Passwords
-
Base Word Method
Choose a meaningful but non-personal word (e.g., a favorite city or show), then replace some letters with numbers or symbols.
Example:
- Original: Louisville
- Complex: L0u!$ville
-
Base Phrase Method
Pick a memorable phrase, like a quote or lyric. Take a phrase, and modify it in steps so it includes different cases, numbers, and special characters. You can also change the spelling of words and remove spaces:
Example:
- Phrase: everybody wants to rule the world
- Capitals: Everybody wants to the rule the World
- Number: Everybody wants 2 rule the World
- Special Character: Everybody wants 2 rule the World!
- Spellings: Everybody wants 2 rule da World!
- Remove Spaces: Everybodywants2ruledaWorld!
-
Final Tips
- Don’t reuse passwords across accounts
- Use a password manager if needed
- Update passwords regularly
- Always test your password against the requirements above
NOTE: The college adheres to the IT security standards established by the Washington State Office of the Chief Information Officer (OCIO). SEC-06-01-S Identification and Authentication Security Standard