Starting January 4, 2023, new HawkID and HealthcareID passwords will require at least 15 characters.
Previously, passwords for key University of Iowa systems required at least nine characters. The new password-length requirement reflects recommendations from the SANS Institute and other cybersecurity experts.
The new standard affects only new passwords. Existing passwords can be used until they expire or users choose to change them.
UI passwords also must use some combination of letters, numbers, and special characters, avoid strings of repeated characters, and differ from past passwords.
Longer, more complex passwords help protect students, faculty, and staff from cyber-attacks, particularly “brute force” attacks that use trial and error to guess passwords. Adding just one character to a password can make it exponentially stronger.
UI cybersecurity pros recommend two strategies for managing longer passwords:
Use a passphrase
Passphrases join a string of words to create a longer, stronger password. They’re easier for humans to remember and harder for computers to guess.
For example, a random string of nine characters like “t5y&px07s” would take more than 500 centuries to programmatically crack. By contrast, the passphrase “quantum straining refining atlas” would hold out for more than 22 million centuries.
Learn more about passphrases and test different password combinations. Note that UI passphrases must comply with all password requirements, including use of at least two numbers and/or special characters.
Use a password manager application
Password managers help you generate, store, and share passwords across your devices. They’re approved for use with HawkIDs and other UI credentials.
The university doesn’t provide password manager software or endorse specific products. But secure options are available for free or for modest subscription fees.
Find tips for evaluating password managers and choosing a tool that meets your needs.