Announcement

This website will be redirected to our new password and account access management platform iam.appstate.edu, on Monday, June 23, 2025. After this date, all password changes will take place at iam.appstate.edu.

If you would like to opt in and update your security questions and/or change your password in this new platform, sign in to iam.appstate.edu. For additional guidelines, visit support.appstate.edu/password/guidelines.

Guidelines for Setting and Protecting Your Password

Secure passwords are a critical part of protecting email and confidential information. All students, faculty and staff are required to change their account on a prescribed schedule. Users enrolled in Appalachian State's Duo two-factor authentication solution are allowed to keep their password for 365 days. Privileged users who are not enrolled in Duo must change their password every 90 days. All other users will be required to change their password after 180 days.

System Requirements:

  • The account password must be at least eight (8) characters in length for standard users or twelve (12) characters in length for users who have access to confidential data
  • The maximum length of the password is thirty (30) characters.
  • Use a combination of character classes:
    • UPPERCASE LETTERS
    • lowercase letters
    • Numbers
    • Symbols: ! + - _ * ? % . { } ~
  • Standard users must have at least two (2) of the character classes listed above. Users with access to confidential data must have at least three (3) of the character classes

Selecting Passwords:

  • Choose passwords that are easy to remember but are difficult for an attacker to guess.
  • Never set a password that is derived from your username or legal name.
  • Avoid using dictionary words, including foreign language, slang, jargon and proper names.
  • Do not use passwords that contain common words or phrases associated with Appalachian.

Guidelines for Protecting Passwords:

  • Treat all passwords as confidential data.
  • Do not include secure passwords in any unprotected electronic communication.
  • Secure passwords should not be shared or used to access non university accounts or systems.
  • Do not write down your password or share it with another user.