As of November 19, 2025, the minimum required length for new or changed PennKey passwords has increased from 8 characters to 16 characters. See below for details.
Who Is Affected?
- New PennKey users who set up their passwords from November 19, 2025 onward
- Existing PennKey users who choose to update their passwords from November 19, 2025 onward
What Changed?
- Minimum required length for new or voluntarily changed PennKey passwords has increased from 8 to 16 characters as of November 19, 2025
- No forced updates for existing passwords – existing passwords that do not meet the new requirement are still valid
- No change to complexity – passwords follow the same complexity requirements previously in place (16-19 characters require upper- and lower-case letters, 20+ character passwords have no special requirements)
- New standard applies to all passwords, not just PennKey, e.g., privileged accounts, local accounts, database
Benefits
- Improves security by protecting against modern password attacks
- Helps us meet funding agencies’ data use agreements
- Aligns with current industry standards
- Simplifies PennKey complexity requirements, enhancing usability
- No anticipated need for length increase in the near future
Help & Resources
- IT Security Standards page
- Current password guidelines on the PennKey website
- Users should contact their Support Providers for help
- Support Providers may contact ISC Client Care for issues