Information Technology

University to implement Lifetime Password policy for Penn State Accounts

Credit: Talia Barnes / Penn State. All Rights Reserved.

UNIVERSITY PARK, Pa. — The Office of Information Security (OIS) is making changes to Penn State Account password requirements. Once an account holder changes their password to meet the new requirements, it will never expire, and never need to be changed unless someone else gains access to it. 

As part of the implementation, faculty, staff and technical service employees are required to change to a Lifetime Password by May 12. 

“The new Lifetime Password initiative will better align the University’s password management practices with National Institute of Standards and Technology guidelines and industry best practices,” said Rich Sparrow, interim chief information security officer. “The initiative will allow account holders to create passphrases that are easy for them to remember, yet complex and harder for computer programs to hack.” 

In the past, it was considered best practice to require upper and lowercase letters as well as numbers and symbols when choosing a password. Over time, computer programs have evolved and can now hack these more easily.

By removing such requirements and by encouraging the use of passphrases — a sentence or series of words with personal meaning — the new Lifetime Password approach offers greater freedom for account holders to choose a password that’s simple to remember and quicker and easier to type. 

Coupled with Two-Factor Authentication (DUO), Lifetime Passwords will also help enhance user experience and minimize workflow disruptions incurred by having to change expired passwords.  

Since this is the first time many account holders will be required to change their password while working remotely, faculty, staff and technical service employees will be contacted by their respective IT units with instructions on how to set their Lifetime Password.  

Students, retirees and sponsored account holders are not required to change their passwords until they expire. However, Lifetime Password requirements will be applied when any Penn State Account holder creates, changes or resets their Penn State Account password. 

To learn more about Penn State’s new Lifetime Password requirements and to find tips for choosing a secure and easy-to-remember password, visit security.psu.edu/passwords.

Last Updated February 15, 2021