The University of Tennessee
A-Z Index  /  WebMail  /  Dept. Directory

Choosing A New Password

Choosing a new, secure password

New passwords must be at least eight characters long and include at least three of the following four characteristics

  • At least one numeric character (1, 2, 3, 4, 5, 6, 7, 8, 9, 0)
  • At least one special character (/, [, -, =, +, !, #, $, etc.),
  • At least one lowercase character (a, b, c, d, e, f, g, etc.)
  • At least one uppercase character (A, B, C, D, E, F, G, etc.).
All passwords--including those issued for temporary IDs, password resets, and locked out IDs--must conform to the above standard.

Note: All ERA (UT Dial-Up) customers should change their passwords to have exactly eight characters. Passwords with more than eight characters cause the login to fail.

Users must never write down or otherwise record their passwords. Each user is responsible for any action taken with that user's login. No university employees or students should ever share or divulge their password to anyone, including other university students and staff, nor should UT employees and administrators ever request a user to divulge his or her password. Users should change their passwords often--at least once every 180 days. Any password that a user believes may have been compromised must be changed immediately.

Users must not attempt to determine another user's password through any means. This prohibition applies to passwords for students, faculty, staff, and friends and accounts on systems reached through the Internet.

Account lockouts: An account will be set to lock out a user for a minimum of five minutes after a maximum of five failed login attempts.

Password uniqueness: A history of at least ten passwords should be kept when technically feasible for each account within a system. New passwords should be checked against this history and users prohibited from re-using any matching entries.