CCNY IT header image CCNY OIT

Password Guidelines

The software used to change passwords will screen for most of these guidelines as an aid in creating secure passwords. As a precaution, please make sure to create your own password (following the below guidelines) and keep it in a safe place. You can check our IT Security site (to be found via the IT website) for information on how to keep your data safe.

The new password must differ from the previous password.

The password must contain:

  • at least eight (8) characters (the longer is better up to about 25)
  • at least one uppercase and one lowercase alphabetic character
  • at least one numeric character

The password may: (recommended)

  • use special characters such as *, $, +, etc.
  • mix more than one upper and lower case alphabetic character
  • be longer than minimum password setting
  • be changed frequently (See Below)

The password cannot contain:

  • your first or last name
  • your birth date
  • your email account name
  • your student ID

Tips for selecting a strong password:
You can select a memorable nonsense phrase, and use the first letter of each word; for example the phrase: ‘go Put 4 TVs in a Freezer*’ yields the password: gP4TiaF*

Never give your password to anyone; City College staff will never contact you for that information. Protecting your password is very important to guard against unauthorized access and misuse of services in your name. more!

Please note that as of 2014, CUNY IT Security Procedure lists:

    8. Passwords – Passwords and private encryption keys must be treated as Non-Public University Information and, as such, are not to be shared with anyone. A password must be entered by the user each time he or she authenticates to a University system. Use of auto-complete features to expedite or script user logins (e.g., “Windows Remember My Passwords?”) is prohibited.

    All passwords must be changed at least every 180 days. Accounts which have privileged access must be changed at least every 60 days. Privileged access accounts are identities with elevated authority across multiple user accounts and/or system-wide permission rights, typically named root, administrator, admin or supervisor. Passwords should not be based on personal information (e.g., family names, pets, hobbies, and friends) and should be difficult to guess. Passwords should be at least eight characters in length.
    Each University entity may adopt more stringent password controls.

For questions, users can contact the Service Desk x7878 or

IT footer Facebook IT Twitter CCNY IT YouTube