Thompson Rivers University
Thompson Rivers University

Password Standards

Guidance on minimum password strength and usage for TRU systems.
Adopted by the Information Security Committee - September 27,  2016

 

Use a minimum of eight characters and a combination of at least three of the following:

  • CAPITAL LETTERS
  • lower case letters
  • Numbers: 0123456789
  • Special characters: !#$%^&*()_+={}|”:?/;’\][><,

Note: Any Oracle passwords are restricted to letters and numbers and must begin with a letter. e.g. Gr3enEGgSaNdHam1 or IamS0OverU. This means that Banner passwords are also restricted to letters and numbers and must begin with a letter, since they are Oracle passwords.

Example for other systems, Gr3enEGg$@NdH@m! or I@mS0/you.

Change your password(s) every 120 days.

Don't use:

  • proper names
  • dictionary words — in any language
  • international characters

Never share passwords or use the same password for all systems you access.

Payment Card Industry Data Security Standard (PCI-DSS) version 3.2 requirements

In addition to the complexity standards above, passwords in the PCI Card Data Environment:

  • must be changed every 90 days,
  • must be different from the last four passwords used,
  • must be set to a unique value for new users and changed on first use.

Be even more secure

Consider using a "pass phrase" instead of a password.

When creating your "shared secrets" for websites, remember not to use easy to guess questions like, "What colour is my car?" only you should know the answer to these questions.