Password Policy

Requirements

Your password:

• Expires in 6 months (180 days)
• Must be at least 8 characters in length
• Must have at least one special character (& * $ etc.)
• Cannot contain the following characters: <, >, or ;
• Must have at least one number.

Why do I have to change my password every 6 months?

• If you're required to change your password at least every six months, someone who's hacked your password and has been accessing your account without your knowledge will immediately be shut out once your password is changed. Some may think this is an uncommon scenario, but people commonly sell an old computer and forget to erase passwords they may have saved for accessing their email or personal online accounts.
• If you change your password at least every six months, hackers who may be trying to crack your password using brute force (trying different combinations over and over) basically need to start over because your password may now have been changed to some pattern they've already tried and rejected.
• Forcing a password change also discourages users from using the same password on multiple accounts. Using the same password on multiple accounts is bad because then your password is only as secure as the least secure of the systems sharing that common password, and if your account does get compromised, the bad guy suddenly has access not just to one account, but to multiple accounts, magnifying the scope of the problem.

Additional Resources

Here are some great resources:

Microsoft password strength checker

Password cracking speeds

Password cracking details