Best practices for Control Center passwords

Passwords are a critical aspect of cybersecurity and can serve as the first line of defense in preventing unauthorized access to your account. They help to protect access to sensitive and proprietary information, ensuring that data and private or sensitive information is used only by the appropriate users.

To ensure secure passwords, the Control Center has implemented a strong set of requirements. While passwords may seem inconvenient, they are an important protection that should be taken seriously.

Password requirements

| Requirement | Things to consider |
|---|---|
| Cannot be the same as your current password | Do not reuse any of your previous six passwords. |
| Cannot be an exact match for any attribute values in your user profile | Avoid using your first or last name or your user ID. |
| Cannot be too similar to your current password | Do not simply add a number or character to your current password; the new password must be uniquely different. |
| Cannot be a commonly-used password | Avoid things like "Password" or "Welcome123". |
| Must have a minimum of 12 and a maximum of 255 characters | Longer passwords are harder to hack. |
| Must contain at least one of the following special characters: ~!@#$%^&*()-_=+[]{};:.,<>/? | Only one special character is required, but consider using more than one for a stronger password. |
| Must contain at least one numeral: 0123456789 | Avoid four or more sequential numbers (e.g., 1234). |
| Must contain at least one upper case character: ABCDEFGHIJKLMNOPQRSTUVWXYZ | Avoid four or more sequential letters (e.g., ABCD). |
| Must contain at least one lower case character: abcdefghijklmnopqrstuvwxyz | Try alternating upper and lower case letters. |
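
The requirements above, written as a checker. This is an added example, not Control Center's own code. The similarity threshold, the salted PBKDF2 history records, the sample deny-list and the sample account data are assumptions; the page does not say how Control Center implements these checks.

```python
import hashlib, hmac, os, string
from difflib import SequenceMatcher

SPECIALS = "~!@#$%^&*()-_=+[]{};:.,<>/?"  # set copied from the requirements table
COMMON = {"password", "welcome123"}         # constructed sample deny-list
HISTORY_DEPTH = 6                           # prior passwords kept in history
SIMILARITY_LIMIT = 0.8                      # assumed threshold; the page gives none


def hash_password(password, salt=None):
    """Salted PBKDF2 record (assumed scheme) so history holds no plaintext."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def in_history(password, history):
    """True if password matches any of the last HISTORY_DEPTH stored records."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history[-HISTORY_DEPTH:]
    )


def check_password(new, current, profile, history):
    """Return the requirements that `new` violates; an empty list means accepted."""
    failures = []
    if not 12 <= len(new) <= 255:
        failures.append("length")
    for name, charset in (("special", SPECIALS), ("digit", string.digits),
                          ("upper", string.ascii_uppercase),
                          ("lower", string.ascii_lowercase)):
        if not any(c in charset for c in new):
            failures.append(name)
    if new.casefold() in COMMON:
        failures.append("common")
    if new in profile.values():  # exact match against profile attribute values
        failures.append("profile")
    if new == current or in_history(new, history):
        failures.append("reused")
    elif SequenceMatcher(None, new, current, autojunk=False).ratio() >= SIMILARITY_LIMIT:
        failures.append("similar")
    return failures


if __name__ == "__main__":
    # Constructed sample account data.
    profile = {"first_name": "Dana", "user_id": "dreyes"}
    history = [hash_password("1luv2bn1talE!")]
    print(check_password("OldPassw0rd!x1", "OldPassw0rd!x", profile, history))
```

Appending one character to the current password passes every character-class rule and is still rejected as too similar, which is the case the table warns about.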

Additional password guidelines

In addition to the requirements, also consider the following guidelines when creating your password.

  • Do not use the name of a pet, family member, product, sport, or organization.
  • Do not use phone numbers, addresses, birthdays, or other identifying numbers.
  • Never use simple adjacent keyboard combinations (e.g., asdfjkl;).
  • Do not use palindromes (words or phrases that read the same forward and backwards, for example madam, kayak, nurses run, race car).
  • Do not use spaces.
  • Do not use the same password for more than one account.
  • Do not write your password down or store it near your computer or desk. Use an approved password management tool, if available.

Password policy rules

  • 6 prior passwords are maintained in the password history count for a maximum of 365 days
  • The password expires every 90 days (every 3 months)

Account lockout rules

  • Account lockout occurs after 6 distinct failed attempts (repeated attempts of the same password are not counted)
  • Accounts locked due to failed password attempts are automatically unlocked after 30 minutes

Tips for creating a unique password

The key to creating a hard-to-hack password is to make it unique and easy to remember but hard to guess.

Here are some tips to create easy-to-remember but hard-to-guess passwords:

| Try this... | Examples... |
|---|---|
| Relate the password to something you can easily remember, for instance a favorite hobby or vacation destination. | "I love to be in Italy" could be changed to "1luv2bn1talE!". It is secure and memorable. |
| Use a phrase you know well but incorporate shortcuts or acronyms. | "One for all and all for one" (from The Three Musketeers written by Dumas) can be changed to "14A&a41duMas". |
| Use the first letter of a phrase that is meaningful to you but incorporate symbols or acronyms. | "I love my children and they are the best part of me." could be changed to "1Lmc&TRtbpom!" |