CIPS Password Rules
Strong password rules protect Federal agency records from unauthorized access or modification. CIPS users are required to use the new rules when creating or changing passwords.
- Passwords must be exactly 8 characters long (formerly 7-8).
- Passwords cannot contain any portion of the user id.
- Passwords must contain one or more characters from each of the following three classes:
- Letters (A-Z, a-z, or any combination)
- Numbers (0-9)
- Special characters <e>@ # $ </e>
- Passwords cannot contain repeating letters or numbers (aa, DD, 11, 22, etc.).
- Passwords must be changed at least every 90 days.
- Passwords cannot contain common words and abbreviations.
- A user's last three passwords and current password cannot be reused.