Update to Password Requirements

The easiest way to protect your computer and data is to use strong, long passwords or passphrases. A weak password can allow hackers to infect your computer, access your personal information, or send spam from your email account.  Due to the ease of cracking even the most difficult 8-character password, the University has decided to increase the minimum password length to 14 characters. 


Beginning June 1st, 2022, the next time you change your NetID or AD passwords, you will be required to meet the minimum length of 14 characters. 


A standard 8-character password requiring 3 of the 4 criteria (numbers, upper and lowercase letters, and symbols) can be cracked using today’s technology in one hour! By increasing the password length to 14 characters, that time increases exponentially to a stunning estimated 9 million years.


Password Cracking

To help remember a longer password, we suggest changing your mindset from using a password to a passphrase. A passphrase is a password comprised of a series of words that is easy to remember and type while still being very secure due to its length. 14+ character passphrases can be easier to remember. Instead of using a single long word, or hard-to-remember gibberish such as “TDpZE8yqS7pS0&”, you can use more words with sentence structure such as capitals and punctuation. Choose 3-4 random words, a short phrase, or even a song lyric. Think again as a passphrase instead of a password.


Learn more about Passwords / Passphrases at https://tech.rochester.edu/security/passwords/  


The University provides a password management tool,  LastPass Personal Premium, to all members of the UR community at no cost. This tool uses strong encryption to ensure the only way to access your password is by creating and using one strong “master” password to protect the credentials of all your other accounts. Get LastPass now.