Password Guidelines

Password Protection

The purpose of password guidelines is to ensure a more consistent measure of security for the University’s network and the information it contains. The implementation of these guidelines will better safeguard the personal and confidential information of all individuals and organizations affiliated, associated, or employed by Bryant University. Additionally, these guidelines establish a standard for the creation of strong passwords and the protection of those passwords.

The guidelines apply to faculty and staff and to all personnel who have or are responsible for an account on any system or has access to Bryant University information resources. In the case of an information system managed by a third party, the third party’s security controls shall meet or exceed these guidelines. Information Services recommends "passphrases" instead of passwords. Passphrases are longer, but easier to remember than complex passwords, and if well-chosen can provide better protection.

Creating a Passphrase

A passphrase is basically just a series of words that you employ instead of a single pass “word”. Passphrases must be at least 12-characters in length and may not include spaces. Keep passphrases simple, long and memorable. Include phrases comprised of typical English words, in uncommon combinations. Following are a few passphrase examples. (Note: These specific examples are excluded from use and will be rejected by the passphrase checking-system.)

  • picturecatchingsky
  • alphabetspoonaway
  • startjumping4JOY
  • keepsimple#undercontrol
  • theslowfoxwontherace

Password Rules

  • You may choose to reset your password anytime
  • Should not be inserted into email messages or other forms of electronic communication
  • Should not be shared with anyone
  • Should not be written down or stored electronically without encryption
  • Do not use the same password on two different systems, sites or services
  • Should be treated as sensitive, confidential information
  • Information Services shall require a password change to any suspected compromised account

Information Services implements a strict password checking-system. Each time you change or reset your password, the checking-system screens all passwords against a large dictionary of common words, common passwords, passwords that have been leaked by various compromises, and other passwords that may easily be guessed. Passwords matching a dictionary entry will be rejected.

Policy Review and Revisions

Last ReviewedLast UpdatedSummary
1/8/20241/8/2024Annual review and update.