NetID Password Management
Management of a NetID password encompasses a number of practices. The table and comments below describe the default password management practices for Texas A&M NetID account holder populations.
| Policy | Implementation |
|---|---|
| Minimum length of password | 8 |
| Maximum length of password | 128 |
| Password is character checked | Yes |
| Maximum age of password (in days) | < 16 characters = 365, > 16 characters = Never expires |
| Days of daily expiration warnings | once per week for 3 weeks |
| Password minimum age for reset (in days) | 0 |
| Failed attempts before lockout (CAS) | 7 |
| Lockout duration in minutes (CAS) | 15 |
| Failed attempts before lockout (Duo Two-Factor) | 7 |
| Lockout duration in minutes (Duo Two-Factor) | 15 |
| May reset forgotten password via Self-Service Password Reset | Yes |
| May reset forgotten password via HelpDesk Central phone | Yes |
| May reset forgotten password in person | Yes |
Notes
- Each attempt to change a password is checked to ensure that the new password conforms to the character requirements.
- A password must contain at least one (1) lowercase letter.
- A password must contain at least one (1) uppercase letter.
- A password must contain at least one (1) non-alphabetic symbol.
- A password must contain only the following characters: a-z, A-Z, 0-9,
~!@#$%^&*()-_=+\[{\]}|:;'<.>?/ - A password may not contain words found in a dictionary.
- A password may not contain the user's NetID.
- Passwords expire after a specific number of days as shown in the table.
- When the current date is close to the date of password expiration, messages will be sent weekly to the user's university business email address indicating that the password is about to expire and giving instructions for resetting the password. One week prior to the expiration date, any attempts to authenticate via CAS will redirect the account holder to the password change application.
- Failed attempts before lockout counts the number of attempts a user may have to enter a correct NetID Credential before the account is frozen and may not be accessed.
- Once an account is frozen, a specific amount of time must pass before the account is automatically unlocked, the failed attempts count is set to zero and the user may again attempt to enter a correct NetID Credential.
- Self-Service Password Reset is the ability to change a password to something known, even if the user does not currently know their password.
- Users may be able to reset their password using an alternative authentication mechanism by calling HelpDesk Central and having them flag the account.
- Users may be able to reset their password by appearing in person with a photo ID.
- If your password is 16 characters or longer it will never expire. However in the event of your account being compromised you will still be required to change your password.