What is the UMES Password Policy?
The Password Policy

Password Length – 8 characters minimum

Passwords will require a mandatory minimum length of 8 characters.

Password Age – 120 Days Maximum

Passwords will be required to be changed to a different password every 120 days.  To make sure your account does not get locked out, we recommend you change your password before you leave the campus for an extended period of time , such as Summer break.

Password Age – 2 Days Minimum

A password that is changed must be kept for a minimum of 48 hours.  This means once you change your password, you cannot change it again for 2 days.

Password History – 6 Unique Passwords

There are also rules set to how often you must make your password unique.  You cannot change your password to the same password you had the past 6 times.


If you incorrectly enter your password more than 4 times in 30 minutes your account will be locked.  The only way to have your account unlocked is to contact one of our IT professionals at the Help Desk.  Students should be prepared to give their 7-digit UMES ID Number to have an account unlocked.


The password must be ‘complex’.  The following items are considered a part of a complex password:

Password not be a simple word (e.g. password, welcome, hello)
Password not include three or more characters from the user name
Password contain characters from at least three of these categories:
English uppercase letters (A – Z)
English lowercase letters (a – z)
Base 10 digits (0 - 9)
Non-alphanumeric (for example: !, $, #, or %)

To face the important issue of poor password management, and to adhere to State policies, the UMES Information Technology Department has created a domain-wide password policy.  This will affect the password you use for your single sign-on domain account used for computer login, e-mail, WebCT, ImageNow and HawkWeb.  The following information is provided to help understand the password policy so everyone can make a seamless transition.

The effects of poor password management on security and financial health are well documented.  Attackers often gain access to sensitive data through weak or stolen passwords.  Additionally, attackers can use accounts to launch sophisticated and dangerous intrusions into an organization’s IT systems.  Also at stake when not practicing good password techniques is your personal identity and welfare, such as access to your bank account website.