Password Policy

Policy Statement:

 

The University NetID and password authenticates a user and grants authorized access to the University of Richmond's computing environment. A strong password or passphrase is key to the University's overall systems security. Users must protect their files and University resources by choosing a strong password and safeguarding it. 

  • Users are responsible for safeguarding their passwords to computing resources. Passwords must not be shared or disclosed to anyone including coworkers, vendors, friends, or family. If another person learns your password, that individual has the ability to access your e-mail, personal files, online network identity, and accounts. An attacker could use your account to attempt to gain unauthorized access to other networked resources, putting the University at risk. Never give your password to anyone—not even someone in Information Services. 
  • One method hackers use to gain access to systems is by "cracking" accounts. They typically accomplish this through the use of automated processes to discover account IDs and passwords. Using a dictionary word or your account ID for a password puts your account and the University's systems at higher risk of attack by hackers. 
  • University account passwords must be changed annually. It is strongly recommended that you change all your passwords regularly, at least once per year. 
  • Do not use the password associated with University of Richmond accounts for external accounts and services; such as social media, streaming platforms, shopping, etc. This protects Richmond accounts from compromise in the event such external services are breached or the service provider does not encrypt passwords during the authentication process. 
  • If you notice unusual activity on your account or suspect someone has learned your password, change the password immediately and notify the Help Desk or Information Security. If you suspect that someone is accessing computing resources using your identity, please contact the Help Desk at (804) 287-6400 or report it to the Director Information Security at abuse@richmond.edu.

How to Choose a Strong Password

One of the goals of this policy is to create a strong password or passphrase that is easy for a user to remember, but difficult for others to guess, making it less likely for an account to be hacked. Rules for length and complexity of passwords are outlined below.

Password Length

  • Minimum password length: 16 characters
  • Maximum password length: 30 characters

Password Complexity

  • Characters limited to: a-z, A-Z, 0-9 and [ ] & + * @ ! % ? = ~ #
  • Password must contain at least one lowercase letter, one uppercase letter, and one number.
  • Password must contain at least 5 unique characters and no more than four characters can be in a “sequence”. For example a password of “A1a1a1a1a1a1a1a1” or passwords containing “aaaaa”, “abcde”, “55555”, “12345”, “54321”, etc. are not allowed.
  • Usage is disallowed for the following personal information embedded in your password:
    • NetID
    • Name (first, middle, or last)
    • Birth year (YYYY)

Example: “presidentAlincoln1809” not allowed (if you are Abe Lincoln).

Password Maintenance

  • Passwords must be changed once every 360-370 days.
  • Successive passwords must differ by at least 3 characters.
  • Passwords that have been used within the last 18 months cannot be re-used.
  • An uppercase character ('C') is considered different from a lowercase character ('c'), except when comparing successive passwords, in which case they are considered the same (e.g., can’t change password from 'Cat' to 'cAT').

Reset Password

  • Contact the Help Desk at (804) 287-6400 (you will be asked to provide information to verify your identity) or visit the Help Desk in Jepson Hall G-19 (with your picture ID) to have your password reset.
  • In addition to the traditional method of resetting a forgotten network password by calling or visiting the IS HelpDesk, you are be able to register a 10-digit mobile phone number in University Network Account Management to which a PIN will be sent (via text) that can be used to reset your password. Your phone must be capable of receiving text messages.

View the Password Policy.