Password Change Procedure
Password Requirements
The new password must meet the requirements described in 556-ISMS-00-23 Password Policy, which are notably:
- 12 character minimum length
- No requirements for complexity (numbers, symbols, case)
- May not be composed primarily of commonly used words (e.g., “Passw0rd”) or words that are attributable to our organization (e.g., “Kinectrics”, “Kipling”). Additional length can offset the use of a blocked word.
- May not match passwords for other accounts you control (work or personal)
Does 12 Characters seem like it's too long to remember?
We recommend not to think of it as a password, and instead think of it as a passphrase. As an idea, the UK National Cyber Security Centre recommends picking Three Random Words.
Changing your password
While on-network or VPN
- Press the CTRL+ALT+DEL keys on your keyboard at the same time
- Select Change a password
- Enter your Old Password, then a New Password that meets the requirements in the Password Requirements section above.
NOTE: If the new password is rejected despite being 12 characters or longer, it is likely that the new password you are using includes a blocked word. (see Password Requirements section above)
While off-network
- Go to https://account.activedirectory.windowsazure.com/ChangePassword.aspx (use Private/Incognito browser tab if necessary)
- Authenticate using Multi Factor Authentication (MFA) if necessary
- Enter your Old Password, then a New Password that meets the requirements in the Password Requirements section above.
If you are working remotely and have a corporate laptop that was unavailable to you when doing this process, it is likely that your laptop still expects your old password. To bring it back into sync, please follow the process in this article: Resync "Cached" Computer Login Password