IT SECURITY STANDARDS

Publish Date: 5/12/2021 
Effective Date: 6/1/2021 
Release: 1.0
Custodian: Penn Office of Information Security

1.1.1  A PennName has the following characteristics:

  • Length
    • A PennName has a minimum of two characters.
    • A PennName has a maximum of eight characters.
  • Alphabet
    • A PennName may contain the lowercase letters a through z.
    • A PennName may contain numerics 0 through 9.
    • No other characters are permitted.
  • Structure
    • The first character must be an alpha.

2.1.1.1  Where password construction constraints permit, passwords should be constructed using the following criteria in order to be designated as "Strong Passwords":

  • 20 or more characters in length (passphrases) - constructed using any character class combination
  • 16 - 19 characters in length – must contain characters from at least 2 of the 4 character classes
  • 12 - 15 characters in length - must contain characters from at least 3 of the 4 character classes
  • 8 - 11 characters in length  - must contain characters from at least 3 of the 4 character classes

where the four character classes consist of caps, lower-case letters, numbers and symbols.

2.1.1.2  PennKey password complexity is established as follows (consistent with the preceding standard):

  • 20 or more characters in length (passphrases) - constructed using any character combination
  • 16 - 19 characters in length - must contain caps and lower-case letters
  • 12 - 15 characters in length - must contain caps, lower-case letters and numbers
  • 8 - 11 characters in length  - must contain caps, lower-case letters, numbers and symbols