FAQ Question

What is a FIPS 112-compliant password?

FAQ Answer

A FIPS 112-compliant password requires the following characteristics: 


Composition: Passwords should contain both upper and lower case letters (e.g., a-z, A-Z) as well as digits and punctuation characters. Example: 0-9, !@#$%^&*()_+|~-=\`{}[]:";'<>?,./


Length: The minimum length is 8 characters. Longer passwords will provide stronger security. Passwords are more easily remembered as a passphrase. Example: Don’tUseMyExactExample2


Lifetime: The maximum life is one (1) year, and a change is recommended every three (3) months where practical. "Passwords shall be replaced as quickly as possible, but at least within one (1) working day from the time that a compromise of the password is suspected or confirmed."


Source: Users should not select a password that can be found in a dictionary or name list


Ownership: Passwords should not be shared


Distribution: Passwords should not be shared in email


Storage: Passwords should not be stored insecurely


Entry: Passwords should be entered in a way that others cannot observe entry 


Transmission: Passwords should never be transmitted in clear text 


Authentication Period: Users are advised to lock their screen when leaving their area and to set a password-protected screensaver that locks automatically after a period of inactivity, to protect against unauthorized use of their token and system.
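
The Composition, Length, Source and Lifetime rules above can be checked mechanically. The following is an added example, not part of the original FAQ or of FIPS 112; the function names, the 90-day reading of "three months" and the small word list are assumptions made for illustration.

```python
import string
from datetime import date

MIN_LENGTH = 8              # Length rule: minimum of 8 characters
MAX_AGE_DAYS = 365          # Lifetime rule: maximum life of one year
RECOMMENDED_AGE_DAYS = 90   # Lifetime rule: "three months", assumed to mean 90 days

# Constructed sample word list; a deployment would load a real dictionary and name list.
SAMPLE_WORDLIST = {"password", "welcome", "jennifer", "baseball"}


def policy_failures(password, wordlist=SAMPLE_WORDLIST):
    """Return the names of the FAQ rules that the candidate password fails."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if not any(c.islower() for c in password):
        failures.append("lowercase")
    if not any(c.isupper() for c in password):
        failures.append("uppercase")
    if not any(c.isdigit() for c in password):
        failures.append("digit")
    if not any(c in string.punctuation for c in password):
        failures.append("punctuation")
    # Source rule: compare letters only, so a dictionary word that has merely been
    # decorated with a digit and a symbol ("Password1!") is still rejected.
    letters = "".join(c for c in password.lower() if c.isalpha())
    if letters in wordlist:
        failures.append("dictionary")
    return failures


def lifetime_status(last_changed, today, compromised=False):
    """Classify a password's age against the Lifetime rule."""
    if compromised:
        # Suspected or confirmed compromise: replace within one working day.
        return "replace-now"
    age_days = (today - last_changed).days
    if age_days > MAX_AGE_DAYS:
        return "expired"
    if age_days > RECOMMENDED_AGE_DAYS:
        return "change-recommended"
    return "ok"
```

A check like this belongs at password-change time, where the plaintext candidate is available; the remaining rules (ownership, distribution, storage, entry, transmission) are handling practices that code of this kind cannot verify.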