University of Idaho - I Banner

Updated Password Policy Allows Long Expiration

July 19, 2019

New password standards will allow most users to maintain the same password indefinitely when combined with Secure Multi-Factor Authentication (MFA). Secure MFA includes using the DUO Mobile application or a hardware token and never using SMS or voice calls for identity authentication. With the addition of MFA via DUO across most U of I accounts the risk of compromise has significantly decreased.

Many users will be enrolled automatically in Secure MFA and provided long or indefinite password expiration if they already use a long password and use only DUO Mobile or a hardware token. Users will soon be notified by email if they have been automatically enrolled. For students and most faculty and staff, the password length has been reduced to 12 characters and will no longer be checked for dictionary words. If users not automatically enrolled want a password that has practically no expiration:

Some users, including those with access to high risk data or systems, may have additional restrictions. Learn about the new policy changes for these accounts. ITS is committed to ensuring the security of user data and providing quality technical support and customer service to users. For help, contact a TSP, local support, or go to

About the University of Idaho

The University of Idaho, home of the Vandals, is Idaho’s land-grant, national research university. From its residential campus in Moscow, U of I serves the state of Idaho through educational centers in Boise, Coeur d’Alene and Idaho Falls, nine research and Extension centers, plus Extension offices in 42 counties. Home to nearly 12,000 students statewide, U of I is a leader in student-centered learning and excels at interdisciplinary research, service to businesses and communities, and in advancing diversity, citizenship and global outreach. U of I competes in the Big Sky and Western Athletic conferences. Learn more at