UW-Madison - IT - Password Standard

Applies to anyone who connects devices or systems to a UW-Madision network by any means.

Specifies the minimum length, complexity and other required and recommended practices for passwords used on devices and systems connected to the UW-Madision network.

The Password Standard is the implementation of the Password Policy


The following standards have been developed in concert with the university community and established by the Office of Cybersecurity.


  • Passwords chosen must:

    • be a minimum of eight (8) characters in length;

    • be memorized; if a password is written down it must be secure;

    • contain at least one (1) character from three (3) of the following categories:

      • Uppercase letter (A-Z)
      • Lowercase letter (a-z)
      • Digit (0-9)
      • Special character (~`!@#$%^&*()+=_-{}[]\|:;”’?/<>,.);
    • be private;

  • Passwords chosen must not:

    • contain a common proper name, login ID, email address, initials, first, middle or last name.


  • It is strongly recommended that:

    • passwords are changed twice per year (e.g., when clocks are adjusted in the spring and fall);

    • each password chosen is new and different.


Please address questions or comments to itpolicy@cio.wisc.edu.


Keywords: Doc ID:58605
Owner:Tim B.Group:IT Policy
Created:2015-12-01 09:00 CSTUpdated:2022-08-31 15:05 CST
Sites:IT Policy
Feedback:  38   13