UAB is revising its password/passphrase policy to ensure better security for campus assets.

Under the new policy, which is being phased in beginning Sept. 15, passwords/passphrases will need to be 15 characters, but the passwords will expire after one year.

Implementation of the policy will be phased in; while users can change their passwords at any time at BlazerID Central, they will NOT be required to change their passwords to 15 characters until their current password expires. Enforcement of the new requirements and expiration will begin on the first password change event after the policy goes into effect on Sept. 15.

Fifteen-character passwords are much harder to crack than eight-character passwords, making them more secure than UAB’s current standard. Once a password/passphrase expires, a user will never be able to reuse it. 

A strong passphrase:

  • Is a series of words that create a phrase.
  • Does not contain common phrases found in literature or music. You can choose a sentence or phrase that is familiar to you, but use the first letter of every word as a mnemonic device.
  • Does not contain words found in the dictionary. You can replace certain letters in words with numbers, such as 1 for an I or L.
  • Does not contain your user name, real name or company name.

UAB’s passphrases must contain three of the following four character types: an uppercase letter, a lowercase letter, a number and a special symbol.

When users log into BlazerID Central to change their passwords, they will automatically be prompted to enroll a phone number in the Identity feature, which allows users to more easily reset a BlazerID password/passphrase without having to contact AskIT.

UAB IT is also actively pursuing a contract for a password manager for faculty, staff and students. 

Monday, 16 December 2013 16:16

UAB Password and Passphrase Standards

Effective January 1, 2014, UAB has a new password/passphrase standard for all active BlazerID users. This standard supports the Data Protection and Security Policy and is designed to improve the overall security posture on campus. This standard applies to all users and systems at UAB that use a BlazerID.

The basics of this standard include:

  • minimum/maximum length requirements for BlazerID passwords/passphrases
  • password/passphrase expiration intervals
  • restrictions on reusing the same password/passphrase for the six previous intervals
  • password/passphrase complexity requirements
  • system logging of failed attempts to log on
  • disabling of unused accounts after a specific interval of non-use
  • requirements for credential encryption while in transit
  • several other recommendations

An official copy of this standard can be found in the UAB Policies and Procedures Library and on the UAB IT Information Security website in the IT Related Policies and Guidelines page.

Questions on this standard and its implementation should be directed to AskIT at (205) 996-5555 or to the Enterprise Information Security line (205) 975-0842 or to