1.1.1 ACE: Password Complexity

EFFECTIVE: 6/1/2008 · REVIEWED: 3/23/2011

Objective #

In order to comply with the University of Tennessee’s information technology policies and industry best practices, new functionality has been added to ACE that provides for password complexity, password expiration, and an anti-hacker feature that locks a user account after 5 invalid login attempts.

Password Complexity #

ACE passwords must be at least eight characters but no longer than twelve characters. The password must include at least one numeral, one non-alphanumeric value (e.g., a punctuation mark), one upper case letter, and one lowercase letter.

Password Expiration #

ACE passwords will expire every 90 days. A warning message indicating how many days remain until their password expires will be sent to each user beginning 14 days ahead of the actual day of expiration. This message will display each time a user logs on to ACE until the password is changed or expires. If a user attempts to log in after the password has expired, the attempted login will take the user directly to the “Change Password” window.

User Lockout #

A user will be allowed five invalid login attempts within a thirty-minute period. After five unsuccessful attempts ACE will lock the account. If a user account is locked, the user must contact ACE Help at 865-974-4153.

For questions regarding this policy, contact the Advancement Services help desk at (865) 974-4153 or email [email protected].