Guidelines for Setting and Protecting Your Password

Secure passwords are a critical part of protecting email and confidential information. All students, faculty and staff are required to change their account on a prescribed schedule. Users enrolled in Appalachian State's Duo two-factor authentication solution are allowed to keep their password for 365 days. Privileged users who are not enrolled in Duo must change their password every 90 days. All other users will be required to change their password after 180 days.

System Requirements:

  • The account password must be at least eight (8) characters in length for standard users or twelve (12) characters in length for users who have access to confidential data
  • The maximum length of the password is thirty (30) characters.
  • Use a combination of character classes:
    • UPPERCASE LETTERS
    • lowercase letters
    • Numbers
    • Symbols: ! + - _ * ? % . { } ~
  • Standard users must have at least two (2) of the character classes listed above. Users with access to confidential data must have at least three (3) of the character classes

Selecting Passwords:

  • Choose passwords that are easy to remember but are difficult for an attacker to guess.
  • Never set a password that is derived from your username or legal name.
  • Avoid using dictionary words, including foreign language, slang, jargon and proper names.
  • Do not use passwords that contain common words or phrases associated with Appalachian.

Guidelines for Protecting Passwords:

  • Treat all passwords as confidential data.
  • Do not include secure passwords in any unprotected electronic communication.
  • Secure passwords should not be shared or used to access non university accounts or systems.
  • Do not write down your password or share it with another user.
Resources