University of Iowa Enterprise Password Policy

The purpose of the Enterprise Password Policy is to defend against unauthorized access of UI systems that could result in a compromise of personal or institutional data.  For the majority of the UI community, the default password policy means the following:

  • Passwords must be a minimum of nine (9) characters long, using a combination of alphabetic, numeric, and special characters
  • Passwords cannot contain consecutive, repeated characters (e.g., aaaaa11111) and cannot contain a string of characters that match previous passwords
  • HawkID passwords must be changed annually (every 365 days)
  • HealthCareID passwords must be changed every 180 days
  • Individual colleges or departments may require more restrictive password rules

Note:  Elevated privilege accounts, such as users with administrative rights on their workstations, require a minimum password length of 15 characters and more frequent password changes.

To change your password or use other password-related tools, see for your HawkID or for your HealthCareID.

For more information, see the full Enterprise Password Policy here: