Skip to main content
Please sign in to view all the articles in the help center

Password Policy

At CENTRL, we incorporate the NIST (National Institute of Standards and Technology) 800-53 standards for our password criteria and policy. CENTRL has updated the password requirements to use an industry-standard strength checker. This affects new passwords only.

Note: As a change, users can now use dictionary words in their password as long as the overall password is complex. 

Password Requirements

The following parameters indicate the minimum requirements for creating a new password to set up user accounts in CENTRL. 

Your password Must:

  • Contain between 9 and 64 characters
  • Contain at least one (1) character from each of the 3 character groups mentioned below: 
    • Alphabetical Uppercase character (A - Z)
    • Alphabetical Lowercase character (a-z)
    • Numeric character (0-9 base digits) or Special character or Non-alphanumeric (such as ~! @ # $ % and space)

Your password Must Not:

*Passwords obtained from previous breaches* or known weak passwords. (Click here to download a current list of weak passwords). 

*Passwords obtained from previous breaches refer to compromised passwords that have been part of previous data breaches. 

Password Guidance

In order to create a password that is compliant with the parameters specified in our password policy, please refer to the table below for a condensed list of weak and strong passwords for your reference:

Weak Password** Examples

  • P@ssword1
  • W3lcome321
  • user@1234
  • Qwerty0987

Strong Password Examples

  • Cntrln7692
  • HumTdumt$@11
  • AMZn@Awa79
  • 1tsrAIn1NGc%

** For a detailed list of Weak Passwords, please refer to this link to download a list of passwords that users should refrain from using.

Password Best Practices

To reduce your organization's susceptibility to brute force and dictionary attacks, here are some recommendations to make your password as secure as possible:

  • Do not use personal information such as your real name, birth date, or your company name while setting up your password. 
  • Do not use context-specific words such as username. 
  • Do not use previously used passwords or existing passwords.

Password History and Change Frequency

We currently have no requirements for password history and password change frequency.