The Information Technology Services Division (ITSD) has changed the department’s current password standard to reduce the frequency of password changes, strengthen password selections, and to comply with State password standards.   

Key changes:

1. Passwords will be changed every 180 days, instead of 90 days.
2. Inability to reuse your lastpasswords reduced from the last 12 passwords used to the last 10.
3. Accounts will be locked out after 5 failed password attempts, instead of 8.
4. Entering known weak passwords and their variants, such as Summer2021 or covid19 will now be proactively blocked.

What remains the same:

1. Minimum password length is 8 characters.
2. Passwords must contain a combination of upper and lowercase letters, numbers, and special characters.
3. No changes for CIDOR passwords.  

Message Prompts:

The following message prompts will be displayed when attempting to change a password that does not meet the defined password standard or the system has determined the password contains a word, phrase, or pattern that makes your password easily guessable. You will need to choose another password.

1. Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain.
2. Choose a password that’s harder for people to guess.
3. Unfortunately, your password contains a word, phrase, or pattern that makes your password easily guessable. Please try again with a different password.

You can find more information about DOR’s password standard and how to change your password on the DOR intranet. 

Thank you,

Information Security Office