Thompson Rivers University
Thompson Rivers University

Password Standards

Guidance on minimum password strength and usage for TRU systems.
Adopted by the Information Security Committee - September 27,  2016

 

Use a minimum of eight characters and a combination of at least three of the following:

  • CAPITAL LETTERS
  • lower case letters
  • Numbers: 0123456789
  • Special characters: !#$%^&*()_+={}|”:?/;’\][><,

Note: Any Oracle passwords are restricted to letters and numbers and must begin with a letter. e.g. Gr3enEGgSaNdHam1 or IamS0OverU. This means that Banner and myTRU passwords are also restricted to letters and numbers and must begin with a letter, since they are Oracle passwords.

Example for other systems, Gr3enEGg$@NdH@m! or I@mS0/you.

Change your password(s) every 120 days.

Don't use:

  • proper names
  • dictionary words — in any language
  • international characters

Never share passwords or use the same password for all systems you access.

Payment Card Industry Data Security Standard (PCI-DSS) version 3.2 requirements

In addition to the complexity standards above, passwords in the PCI Card Data Environment:

  • must be changed every 90 days,
  • must be different from the last four passwords used,
  • must be set to a unique value for new users and changed on first use.

Be even more secure

Consider using a "pass phrase" instead of a password.

When creating your "shared secrets" for websites like myTRU, remember not to use easy to guess questions like, "What colour is my car?" only you should know the answer to these questions.