Skip to main content

User Knows Password

How long does my password need to be?

Your password must meet the following password complexity requirements:


  1. Minimum Password Length: 12 characters
  2. Enforce Password History (# of passwords remembered): 10 passwords remembered
  3. Passwords Must Not Contain: The user's account name or parts of the user's full name that exceed two consecutive characters.  Passwords will be analyzed for quality to ensure passwords do not contain words that are easily guessable or often seen in password attacks.  The evaluation process is outlined below…
    1. First step is normalization of the password using common character substitutions.  For example P@$$w0rd would be normalized to password.
    2. Fuzzy matching is then used to compare the password for how closely it matches banned passwords
    3. Substring matching is also used to check for the person’s first or last name and/or our organization’s name.
    4. A password score is generated.  Passwords not meeting a pre-determined score threshold will be rejected.  If a password is rejected, the user will be presented with the following message… "Unfortunately, your password contains a word, phrase, or pattern that makes your password easily guessable. Please try again with a different password."


What makes a good password?

It is time to get away from using passwords and start using passphrases or pass sentences.  Follow these tips for generating a strong passphrase:


  1. The more characters the better (16 is a good start). 
  2. Pick 3-4 random words that will be easy to remember (e.g. coursebandshinytune)
  3. Include uppercase and lowercase letters, numbers and symbols (e.g. courSeb@ndsh1nytun3)



  1. Do not include personal information or words someone might associate with you in your password.
  2. Do not reuse passwords for different websites and services.  Never use your SOM password for any other online service.



Other important tips…

  • Always enable Multifactor authentication when available for authentication. 
  • Don't use your University email account to register for online services not related to your job.  Use a personal email account.
  • Don't allow web browsers to remember your passwords.  Use a password manager to securely store your passwords.  Most password managers will also automatically fill the logon forms.  The SOM Information Security Office recommends LastPass 

How to change your password on your SOM domain connected PC (on campus only)

  • Passwords can be changed by clicking "Control+Alt+Delete" and "Change a Password" Follow the prompts to successfully change your password

Changing Password via SOM Password Management Site

  • The Password Management Site is where SOM users can reset their passwords. Log in with your email address and password.
  • Click "Change Password" and follow the prompts. Your new password must meet all complexity requirements.
  • Please note the personal information cannot be modified by the user. If you desire to update this contact data, please contact the SOM Help desk to do so.

How to change your password via Office 365 (on/off campus)

  • Password can be changed via the Office 365 settings menu. Click the Security\Privacy tab and then the "Password" link

Troubleshooting Password Reset errors-Best Practices for Resetting SOM Password

  • Before resetting password, please close all browsers and open Office 365 or the Password Reset website by itself. Often times, browsers hold cached credentials for different websites in multiple tabs and you may run into an error similar to this:

"Get back into your account. Your account is not enabled for password reset

We're sorry, but your administrator has not set up your account for use with this service. 
If you'd like, we can contact an administrator in your organization to reset your password for you."

  • Reset your password when you first receive notification via email that your password is about to expire.  The email notification will happen 14 days before your password is set to expire.  The recommendation is not to wait until the last day to reset your password.  Please do as soon as you can after you receive your first password expiration via email for the most seamless password reset experience as to not cause interruptions to your SOM account.
  • If possible, reset your password while on campus on your PC desktop/laptop.  This will be the most seamless password reset experience as to not cause interruptions to your SOM account.

Contact SOM Help Desk

If you're unable to reset your password using the above methods, you're welcome to call or email the help desk at 410-706-3998. The help desk technician will verify your identity when requesting a password reset.