Minimum requirements for passwords for university accounts.
University accounts provide access to a wide range of institutional systems, data, and resources, making strong password practices essential to protecting the university environment. In response to evolving security risks and compliance requirements, ISS and Denver OIT established this standard in alignment with APS 6005, APS 5001 and CU Systemwide Baseline Security Standards. Passwords must be updated in accordance with this guidance and whenever compromise is suspected or confirmed.
The purpose of these standards is to establish minimum password requirements that reduce the risk of unauthorized access to university systems and data. Strong password practices are a foundational component of the university’s overall security posture.
These standards apply to all accounts that access university systems, data and networks. This includes faculty, staff, students and systems or services that rely on authenticated access.
Access the complete standard document for full details on requirements, key definitions, exceptions and related policies. This PDF requires single sign-on (SSO) for access.