At CENTRL, we incorporate the NIST (National Institute of Standards and Technology) 800-53 standards for our password criteria and policy.
The following parameters indicate the minimum requirements for creating a new password to set up user accounts in CENTRL.
Your password Must:
- Contain between 8 and 64 characters
- Contain at least one (1) character from each of the 4 character groups mentioned below:
  - Alphabetical uppercase character (A-Z)
  - Alphabetical lowercase character (a-z)
  - Numeric character (0-9 base digits)
  - Special or non-alphanumeric character (such as ~ ! @ # $ % and space)
Your password Must Not:
- Contain common dictionary words such as "Password", or such words mixed with strings of other characters, such as T$5house4%.
- Be a password obtained from previous breaches* or a known weak password. (Click here to download a current list of weak passwords.)
*Passwords obtained from previous breaches refer to compromised passwords that have been part of previous data breaches.
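The rules above can be expressed as a validator. The following is an added example, not CENTRL's own code: the function name `check_password`, the `BREACHED` and `DICTIONARY` sample lists, and the substring approach to dictionary matching are assumptions made for illustration. It shows why T$5house4% is rejected even though it meets the length and character-group rules.

```python
import re
import string

# Constructed sample data (assumption). A real check would load the weak and
# breached password list the policy links to, plus a full dictionary.
BREACHED = {"Qwerty123!", "Welcome2024!", "Abcd1234$"}
DICTIONARY = {"password", "house", "welcome", "dragon"}

ALNUM = string.ascii_letters + string.digits


def check_password(password):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []

    # Length rule: between 8 and 64 characters, inclusive.
    if not 8 <= len(password) <= 64:
        problems.append("length must be between 8 and 64 characters")

    # Composition rule: at least one character from each of the 4 groups.
    groups = {
        "uppercase letter (A-Z)": any(c in string.ascii_uppercase for c in password),
        "lowercase letter (a-z)": any(c in string.ascii_lowercase for c in password),
        "digit (0-9)": any(c in string.digits for c in password),
        # Assumption: anything outside A-Z, a-z, 0-9 counts, including space.
        "special character": any(c not in ALNUM for c in password),
    }
    problems += [f"missing {name}" for name, ok in groups.items() if not ok]

    # Breach rule: exact match against the known weak/breached list.
    if password in BREACHED:
        problems.append("appears in the breached/weak password list")

    # Dictionary rule: look inside each run of letters, so a word wrapped in
    # digits and symbols (T$5house4% -> "t", "house") is still caught.
    # Substring matching needs a dictionary without very short words,
    # otherwise it produces false positives.
    runs = [r.lower() for r in re.findall(r"[A-Za-z]+", password)]
    words = sorted(w for w in DICTIONARY if any(w in r for r in runs))
    if words:
        problems.append("contains dictionary word(s): " + ", ".join(words))

    return problems


if __name__ == "__main__":
    for candidate in ["T$5house4%", "Qwerty123!", "abc", "r7#Vq!2zLm x9"]:
        print(repr(candidate), check_password(candidate) or "accepted")
```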
To create a password that complies with our password policy, refer to the table below for a condensed list of weak and strong passwords:
Weak Password** Examples
Strong Password Examples
** For a detailed list of Weak Passwords, please refer to this link to download a list of passwords that users should refrain from using.
Password Best Practices
To reduce your organization's susceptibility to brute force and dictionary attacks, here are some recommendations to make your password as secure as possible:
- Do not use personal information such as your real name, birth date, or your company name while setting up your password.
- Do not use context-specific words such as your username.
- Do not use previously used passwords or existing passwords.
Password History and Change Frequency
We currently have no requirements for password history and password change frequency.