Amherst Password Rules
An Easy Recipe for a Compliant Password
1. Take two common words that have a combined total of at least seven characters; e.g., 'hours' and 'tree.'
2. Add a number, and use as your password; e.g., '9hourstree,' 'hours9tree,' or 'treehours9.'
NOTE that you can't use common words that form a natural compound, such as 'base' and 'ball.'
A valid Amherst password is between eight- and 30-characters long* and obeys the following rules.
- Includes at least two of the following four types of characters:
- lower case alphabetic (a to z)
- upper case alphabetic (A to Z)
- numeric (0 to 9)
- special ( !@#$%^&*() )
- When stripped of any beginning and/or ending numerals and special characters, the remaining letters must not be a common password (e.g., 111111 or qwerty) or an English, French, Spanish, or German word.
- For example, 1%bonjour6 fails because, once you strip off the leading and trailing special characters and numerals, what you have left--bonjour--is a word you find in a French dictionary.
- Note that bon4jour is a legal password because numerals and special characters are only stripped from the beginning and end of the proposed password. bon4jour isn't found in any dictionary.
- You can’t reuse any of your previous ten passwords
You can only set a new password once in any 10-minute span, so you must wait at least 10 minutes between password resets. If someone in Amherst IT sets a temporary password for you, then you must wait 10 minutes before you can set a new password for yourself.
Password Lockout Policy
If 20 failed attempts to log in to any user account occur within a ten-minute period, that account will be blocked from all College supported electronic resources for the next ten minutes so that IT can verify that no one is trying to gain unauthorized access to our network.