Strong Passwords

U4: Passwords used on all systems for Harvard business should be of sufficient length and complexity to reasonably protect them from being guessed by humans or computers. (Most Harvard systems enforce length and complexity standards.)

See also: Level 2, Level 3, Level 4, 2, Users

How to Comply

Use a password management application

Use a password management application like 1Password, LastPass, KeePass or iCloud Keychain that generates, stores and protects long, random, unique passwords.

Choose a strong and memorable password

1. No common names or dictionary words. (A multi-word phrase with no spaces is acceptable.)
2. Include at least one character from at least 3 of the following:
   - Uppercase letter
   - Lowercase letter
   - Number
   - Special character
3. Meet one of these three length requirements, together with any additional requirement listed:
   - 10 characters minimum
   - 8 characters minimum and annual password reset/expiration
   - 8 characters minimum and a second authentication factor
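
One way to check a candidate password against the three rules above, as an added example (not Harvard's own code). The wordlist is a small constructed sample, and two interpretations are assumptions: "special character" means ASCII punctuation, and a dictionary word is matched after stripping digits and symbols.

```python
import string

# Constructed sample wordlist (assumption): a real check would load a full
# dictionary and common-names list.
COMMON_WORDS = {"password", "harvard", "welcome", "michael", "dragon"}


def character_classes(password):
    """Count how many of the four character classes from rule 2 appear."""
    return sum([
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),  # assumed meaning of "special"
    ])


def is_single_common_word(password):
    """True if the letters alone form one listed word, e.g. 'Password1!'."""
    letters = "".join(c for c in password if c.isalpha()).lower()
    return letters in COMMON_WORDS


def check_password(password, expires_annually=False, second_factor=False):
    """Return a list of rule violations; an empty list means compliant."""
    problems = []
    # Rule 1: no common names or dictionary words.
    if is_single_common_word(password):
        problems.append("common name or dictionary word")
    # Rule 2: at least 3 of the 4 character classes.
    if character_classes(password) < 3:
        problems.append("fewer than 3 of 4 character classes")
    # Rule 3: 10+ characters alone, or 8+ with annual expiration or a second factor.
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    elif len(password) < 10 and not (expires_annually or second_factor):
        problems.append("8-9 characters needs annual reset or second factor")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ["Tr4vel-Mug", "Password1!", "Tr4vel-M", "correcthorsebattery"]:
        print(candidate, check_password(candidate) or "OK")
```

The same 8-character password passes or fails depending on the compensating control, which is why the function takes `expires_annually` and `second_factor` as inputs rather than looking at the string alone.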

Use a 4-digit PIN

For smartphones and tablets, a 4-8 digit PIN is acceptable as long as you also configure the device to erase itself after 10 bad password guesses. 

For Exchange users, this is a default, and the user must set the PIN. If you do not use Exchange, see your device manual for instructions.