Password Management Policy

The following are general password policies applicable for network, system resources and Internet access use:

  • Users must abide by policies stated in the WSU Computing and Telecommunications Account Policy Statement.
  • Campus passwords and user logon IDs should be unique to each authorized user.
  • Campus passwords will follow the standard set forth on the WINGS portal.
    • The password length must be 8 to 14
    • The password must contain a letter.
    • The password must contain at least one of these special characters:0123456789^()-_!$
    • Do NOT use names or common words in the dictionary.
    • Do NOT use the following symbols %#.@
    • Do NOT use the last four digits of your SSN.
    • Do NOT use your CAMPUS Account username, your first name, or your last name.
    • Do NOT use 3 or more repeated (i.e., aaa or 111) or consecutive (i.e., abc or 123) characters.
  • Campus passwords will be kept private i.e., not shared, coded into programs, or written down.
  • Campus passwords will be changed every 180 days. Systems will enforce password change with an automatic expiration and prevent repeated or reused passwords.
  • Campus passwords associated with the PCI-DSS systems change every 90 days. Systems will enforce password change with an automatic expiration and prevent repeated or reused passwords for a minimum of 8 previous passwords.
  • Campus User accounts will be locked after 9 failed logon attempts. User accounts associated with PCI-DSS systems will be locked after 5 failed logins. All failed login attempts will be recorded.
  • Successful logons should display the date and time of the last logon and logoff.
  • Logon IDs and passwords are suspended if a client is not authorized during current term unless authorized by Computing and Telecommunications Account Policy Statement.
  • Campus passwords will be changed after first use.