Password Management - University of Houston
Skip to main content

Password Management

Creating Stonger Passwords

UH has a strong password standard to protect the university's systems, data and network. UH's password security recommendations are commensurate with the importance of the protected information and data.

This means that low-risk, less-critical UH systems such as IT Training or personal e-mail accounts don't require the same degree of password protection as systems with higher risks associated with them.

UH Password Standard

  1. Minimum Password Length: 8 characters
  2. Expire passwords every 180 days and prevent their reuse for a year
  3. Passwords must contain at least one character from each of the following classes"
    1. Alphabetic: Upper or lower case (a-z, A-Z)
    2. Numeric: 0-9
    3. Special Characters: !    #    %    &    (    )    *    @    ^
  4. Lockout: After multiple consecutive failed login attempts an account will be locked for 5 minutes.

One way to meet the suggested criteria for creating strong passwords is to mix special characters, upper and lowercase letters, and numbers, and associate them with a phrase or song titles. The following example demonstrates how you might do this:

  1. Choose a Phrase:
        Home of the University of Houston Cougars.
  2. Write down the first character of each word:
        HotUoHC-s
    (To meet the 8 character minimum, Cougars was hyphenated as "C-s".)
  3. Substitute special characters and numbers to increase complexity:
        H0tUo@UU-s

    
NOTE: Choose substitutions that are meaningful to you; this makes it easier to remember.

Passwords should NOT be:

The Password Reset web site already adheres to these stronger password requirements.

Password Expiration

The purpose of a computer account password is to grant access to the account owner and restrict it from others. As a security measure, computer account passwords expire on a regular basis and must be changed. It is the responsibility of the account owner to make the password something that is easy to remember but difficult for someone else to guess. UIT recommends you change your passwords every month.

Password Reset

Lost or forgotten passwords can be reset online by the owner of the computer account. The computer account owner can request a password reset online or by contacting the IT Support Center at 713-743-1411 or Livechat. Account ownership will be verified using your Cougar Card and other demographic credentials.


Recommended IT Best Practices

Password Use and Computer Account Security

If you use a computer system at UH, University Information Technology (UIT) recommends you change your password every month. Since potential computer hackers use a variety of methods to obtain passwords, customers who change their passwords regularly will decrease the likelihood of an unauthorized person accessing their accounts.

Passwords may be obtained through a number of ways. The most common methods involve using familiarity with the person to guess their password, checking near a computer for written passwords, or by simply overhearing or being told the account owner's password.

In addition to regularly changing their passwords, IT customers should do the following to ensure their passwords are secure:

Customers who need assistance with their passwords should contact their local support providers, or the UIT Support Center at 713-743-1411 or Live Chat.