Password Requirements for Access to University Systems

Elias G. Eldayrie, Vice President and CIO

In light of today’s technology environment and the increased threat of a data or network breach, the University of Florida’s Information Security & Compliance governance committee has developed a new Authentication Management Policy and associated standard.  The new policy updates and clarifies authentication and password requirements for information systems at UF.

Passphrases of at least 18 characters that includes actual words are now allowed, as are multi-factor authentication mechanisms and the extension of some password expiration dates. 

Responsibilities of faculty, staff, and students under this policy include:

1. All members of the University of Florida community understand and accept that they are responsible for any activity occurring as a result of the use of their passwords.
2. All members of the University of Florida community act responsibly and protect their passwords. Passwords may not be shared or disclosed to anyone else. No one at the University of Florida will ever legitimately ask for your Gatorlink password—this includes IT support staff.
3. All members of the University of Florida community are responsible for reporting suspicious use of their password to their unit-IT support staff and/or the UF Computing Help Desk. Anyone who believes their password may be known by anyone else must change it immediately.

The Authentication Management Policy and standards are available online. 

Any questions about the updated Authentication Management Policy may be sent to: security@ufl.edu.