You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Password Requirements

Passwords for all CWF Computer Accounts (also known as Domain Account or Windows Account) must meet the following requirements:

  • Minimum length of 15 characters.
  • No spaces.
  • Cannot contain "Colonial" "Foundation" Williamsburg" or other words commonly associated with The Colonial Williamsburg Foundation.
  • Cannot match previously used passwords.
  • A mix of lowercase, uppercase, numbers and symbols (also known as "complexity") may be used but is NOT required.

Users are encouraged to use a passphrase of several unrelated but easy to remember words to construct their password.  For example: appleswimlovely.  

Computer Account passwords expire every 180 days and must be changed before then.  Users will receive an email when a password is 14 and 7 days from expiration.  Windows desktop sessions will also display a warning when a password is nearing expiration.

Initial Creation

When a new employee's onboarding paperwork has been processed, a new Computer Account will be created, and the username and temporary password will be sent to their supervisor.  It is the supervisor's responsibility to deliver this to the new employee.  The new employee must then enroll for Self Service Password Reset and MFA, and then change their password as soon as possible.  Links Below.

Acceptable Use

During initial employment onboarding, all employees must agree to and sign the Acceptable Use Policy.  That policy has this to say about passwords:

"It is your responsibility to adhere to the IT security guidelines, including, but not limited to the creation, format and scheduled changes of passwords. All usernames, passcodes, passwords, and information used or stored on CWF's computers, networks and systems are the property of CWF and/or CWC, as applicable. You may not use a username, passcode, password or method of encryption that has not been issued to you authorized in advance by CW

You may not share usernames, passcodes or passwords with any other person. You must immediately inform the IT Department if you know or suspect that any username, passcode or password has been improperly shared or used, of that IT security has been violated in any way."

Related Pages:

Enroll into Microsoft's Self Service Password Reset (SSPR) web portal
How to set up Microsoft MFA
Resetting your Password with Microsoft Self Service Password Reset (SSPR)

  • No labels