Password Guidelines

The purpose of these guidelines is to provide password standards for online or other types of university accounts.

Each member of the campus community is responsible for the security and protection of electronic information resources over which he or she has control. Towson University passwords, including NetIDs, provide access to services and information and should follow the recommended guidelines and requirements.

NetID Passwords

NetID passwords must meet the following requirements:

  • Be at least 2 days old before you can change it again
  • Be at least 8 characters in length
  • Use at least 3 of the following 4 different types of characters: uppercase letters, lowercase letters, numbers, and symbols like !#$%&*+,-/:;()<=>?_
  • Not contain any part of your name
  • Not be one of your last 10 passwords

Student, faculty or staff that have forgotten or need to reset their NetID password can find information and reset links on the NetID Tools page.

Other Passwords

When creating a password for any online service or account at the university, follow the NetID requirements listed above.

If you are responsible for managing an application, please refer to the State of Maryland Information Technology Security Policy (PDF) for detailed password guidelines. If you have additional questions about passwords, submit a TechHelp service request.

Password Tips

Don't

  • Use simple passwords like 123456, password, a pet's name, a birth date, a child's name, your address.
  • Use the same password for work and personal use. For example, don't use the same password for your online banking as you do for Facebook or Twitter. If one is hacked, the others may be as well.
  • Tell someone else your password - ever!
  • Use public computers (hotel, libraries) - they may be affected with malicious code that captures your keystrokes.

Do

  • Make it easy to remember
  • Make it long
  • Change your password if you think it has been compromised

How to Create a Strong Password

  1. Begin with a phrase that describes something about yourself like "Ihatebrusselsprouts."
  2. Add at least one lower and one upper case letter in the phrase: IHateBrusselSprouts
  3. Use symbols and/or numbers in place of letters: IH@teBrusselSpr0uts!
  4. Use only the first letter of each of the words in your phrase. Add special characters and/or numbers and add an abbreviation for the site at the end of the phrase.
  5. Watch this brief video for more guidance. 

Can't Remember that Password?

There are password manager programs that will help you remember your passwords and keep them safe. OTS does not endorse a particular site, but provides some examples:

APP Cost Available For
LastPass Free Windows, Linux, Mac OS X
Intuitive Password Free Web
Password Box Free Windows, Mac OS X, iOS, Android, Kindle
KeePass Free Windows, Linux, Mac OS X, iOS, Android
Adobe Reader Download button