On November 19, 2025, the minimum required length for new or changed PennKey passwords will increase from 8 characters to 16 characters. See below for details.
What's Changing
- Minimum required length for new or voluntarily changed PennKey passwords will increase from 8 to 16 characters as of November 19, 2025
- No forced updates for existing passwords – existing passwords that do not meet the new requirement will still be valid
- No change to complexity – passwords will follow the same complexity requirements in place today (16-19 characters require upper- and lower-case letters, 20+ character passwords have no special requirements)
- Applies to all passwords, not just PennKey, e.g., privileged accounts, local accounts, database; see the the IT Security Standards page
Current password guidelines are available on the PennKey website.
Who's Affected
- New PennKey users who set up their passwords starting November 19, 2025
- Existing PennKey users who choose to update their passwords from November 19, 2025 onward
Benefits
- Improves security by protecting against modern password attacks
- Aligns with current industry standards
- Simplifies PennKey complexity requirements, enhancing usability
- No anticipated need for length increase in the near future
Help & Resources
- Users should contact their Support Providers for help
- Support Providers may contact ISC Client Care for issues
- See the "Passwords" section on the IT Security Standards page