Password Security

UWSP follows password complexity and rules outlined in UW-System policy as established by the National Institute of Standards and Technology (NIST) Special Publication 800-63 Level of Assurance 2 (LOA 2).

Why is Password Security Important?

Your UWSP network logon provides:

  • access to your e-mail and personal information. 

  • access to university protected on-line resources and services.

  • access to sensitive and legally protected information.

What Does UWSP Do to Keep Passwords Secure?

  1. UWSP students, faculty, staff and affiliates are required to change their passwords twice a year.*  You will receive email reminders when a password change is due.

  2. All passwords are required to be at least 12 characters and must include a combination of letters, numbers and/or special characters. Password examples are provided below under "Tips for Creating Strong Passwords".

  3. Passwords cannot include your first and last name or any part of your UWSP logon name.

  4. You are not allowed to reuse a recent password.

* While some institutions enforce password changes every 60 or 90 days, our data security stewards have designed a network authentication process around a slightly more complex password scheme, which per NIST LOA 2, allows for a more reasonable twice a year password change.

Tips for Creating Strong Passwords

To know what makes a password "good" or "safe," it is important to know what makes a password "weak" or "unsafe."

What makes a bad password?

A bad password is one that is easily guessed by a stranger, a friend, or a computer program. Examples of weak passwords are:  

  • License plate numbers
  • Dates
  • Words found in any dictionary, including languages other than English, slang, jargon, abbreviations, proper names, etc.
  • Combinations of dictionary words
  • Dictionary words spelled backwards
  • Numbers
  • Any personal information

What makes a good password?

One of the most popular ways to create a good password that is easily remembered is to substitute numbers and special characters in a favorite phrase or quote.  

Here are a few examples:

  • I luv W1sc0ns1n! - "I love Wisconsin" (notice that spaces are allowed?)
  • G$veMEaBre@k" - "Give me a break"
  • 4Score+7yrsag0 - "Four score and seven years ago"
  • 10+12 Equ@ls: 22 (instead of 101222)

How Can I Protect My UWSP Password?

Never share your password with anyone.  A person with your password becomes "you" when logging into UWSP resources.

They can:

  • read and send from your email.

  • gain access to your confidential personal/financial/health information.

  • change your recorded residence and mailing address.

  • reroute your student loan funds or, if employed on campus, your direct deposit.

  • They can even sell your logon and all of your information they gathered, online.

What does "Never" mean?

"Never share your password" means:

Never verbally give anyone your password in person or on the phone, or email your password. This includes family and friends.

Never enter your password into an online or emailed form, or write it on a paper form. No legitimate business will ask for your password.

And Never give your password in person, over the phone, email or online to anyone saying they are a representative from UWSP Information Technology or Service Desk.

 UWSP Information Technology will never ask you for your password.

A Little More Information

UWSP follows password complexity and rules as outlined in UW-System policy and which are established by the National Institute of Standards and Technology (NIST) Special Publication 800-63 Level of Assurance 2 (LOA 2).

Two-Factor Authentication (2FA) is also on the UW-System Information Security timeline as we continue strengthening our information security efforts.

While some institutions enforce password changes every 60 or 90 days, our data security stewards have designed a network authentication process around a slightly more complex password scheme, which per NIST LOA 2, allows for a more reasonable twice a year password change.

Have questions about password security?  Please contact the Service Desk.