Strong Passwords

U4: Passwords used on all systems for Harvard business should be of sufficient length and complexity to reasonably protect them from being guessed by humans or computers. Further, users must leverage multi-factor authentication (two-step verification) wherever supported. (Harvard systems behind HarvardKey authentication will meet our length, complexity, and multi-factor standards.)


How to Comply

Use a 4-digit PIN

For smartphones and tablets, a 4-8 digit PIN is acceptable as long as you also configure the device to erase itself after 10 bad password guesses. 

For Exchange users, this is a default, and the user must set the PIN. If you do not use Exchange, see your device manual for instructions.

Use a password management application

Use a password management application like 1Password, LastPass, KeePass or iCloud Keychain that generates, stores and protects long, random, unique passwords.