What is a FIPS 112-compliant password?
A FIPS 112-compliant password requires the following characteristics:
Composition: Passwords should contain both upper and lower case characters (e.g., a-z, A-Z) and have digits and punctuation characters as well as letters. Example: 0-9, !@#$%^&*()_+|~-=\`{}[]:";'<>?,./
Length: The minimum length is 8 characters. Longer passwords will provide stronger security. Passwords are more easily remembered as a passphrase. Example: Don’tUseMyExactExample2
Lifetime: The maximum life is one (1) year and a change is recommended every three (3) months where practical. "Passwords shall be replaced as quickly as possible, but at least within one (1) working day from the time that a compromise of the password is suspected or confirmed."
Source: Users should not select a password that can be found in a dictionary or name list
Ownership: Passwords should not be shared
Distribution: Passwords should not be shared in email
Storage: Passwords should not be stored insecurely
Entry: Passwords should be entered in a way that others cannot observe entry
Transmission: Passwords should never be transmitted in clear text
Authentication Period: Users are advised to lock their screen when leaving their area and to set a password-protected screensaver that locks automatically after a period of inactivity, to prevent unauthorized use of their token and system.
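
The Composition, Length, Source and Lifetime items above can be checked mechanically. The following is an added example, not part of the original page or of FIPS 112 itself. The function names, the constructed sample word list, the rule that strips leading and trailing digits and punctuation before the dictionary lookup, and the reading of one year as 365 days and three months as 90 days are all assumptions.

```python
import string
from datetime import date

# Punctuation set copied from the Composition item on this page.
PUNCTUATION = set("!@#$%^&*()_+|~-=\\`{}[]:\";'<>?,./")
MIN_LENGTH = 8               # Length item: minimum 8 characters
MAX_AGE_DAYS = 365           # Lifetime item: one year (assumed 365 days)
RECOMMENDED_AGE_DAYS = 90    # Lifetime item: three months (assumed 90 days)

# Constructed sample list; a real deployment would load a dictionary and name list.
SAMPLE_WORDLIST = {"password", "welcome", "dragon", "michael", "sunshine"}


def check_password(candidate, wordlist=SAMPLE_WORDLIST):
    """Return the list of policy items the candidate fails (empty = passes)."""
    failures = []
    if len(candidate) < MIN_LENGTH:
        failures.append("length")
    classes = [
        any(c in string.ascii_lowercase for c in candidate),
        any(c in string.ascii_uppercase for c in candidate),
        any(c in string.digits for c in candidate),
        any(c in PUNCTUATION for c in candidate),
    ]
    if not all(classes):
        failures.append("composition")
    # Source item: reject a dictionary word or name even when it is decorated
    # with leading/trailing digits and punctuation (e.g. "Password1!").
    core = candidate.lower().strip(string.digits + "".join(PUNCTUATION))
    if candidate.lower() in wordlist or core in wordlist:
        failures.append("source")
    return failures


def lifetime_status(last_changed, today):
    """Classify password age against the Lifetime item."""
    age = (today - last_changed).days
    if age > MAX_AGE_DAYS:
        return "expired"
    if age > RECOMMENDED_AGE_DAYS:
        return "change recommended"
    return "ok"
```

A password such as "Password1!" satisfies the Composition and Length items yet still fails the Source item, which is why the dictionary check runs separately from the character-class checks.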