Network Account Passwords - Policy
Authorized users of the USNA Mission network have consented to the Acceptable Use Policy for USNA IT Resources and the Navy User Agreement and Consent Provisions, and have accepted responsibility for secure operational behavior which includes protecting and maintaining passwords. The following DoD security requirements are in effect for standard non-privileged-user network account passwords:
Complexity:
- Must be at least 14 characters in length.
- Must contain at least:
- Two uppercase letters [A-Z]
- Two lowercase letters [a-z]
- Two digits [0-9]
- Two special characters [e.g.: !@#$&*]
- A new password should differ from the changed password by at least 4 characters.
- A password cannot contain your network account name, username or display name.
Example: If account name = Joe Gish
And username = jgish
And display name = Joe Gish CIV USNA Annapolis
Then regardless of case, the following cannot be any part of a password:
joe, gish, jgish, civ, usna, annapolis
Periodicity:
- A password cannot be changed to any of the most recent 24 passwords.
- Must be changed no less frequently than every 60 days.
- Cannot be changed more frequently than once per day.
- A network account will be locked for 60 minutes after three incorrect passwords are attempted in a 60 minute period.
