Get the latest Employee Updates, information on working from home, policies, and data related to COVID-19.
Passwords
In order to ensure that only authorized City employees are able to access the City's computer network, Information Technology implemented the policy of username and password network authentication. To be safe and effective, passwords must be both protected from intruders and also easily remembered.
You should NEVER:
- Write your password down and leave it for someone to find.
- Make your password a single word, color, name, sports team, etc. These passwords are easily guessed, and your account will be compromised if your password is in the dictionary.
- Give your password to anyone, even a supervisor or someone else in your agency.
- Keep a list of passwords.
If someone in your agency needs access to files on the network (F: drive), to which only one employee has access, you need to have one of your agency's authorized network security officers contact the Help Desk and request that rights be given to the required files/directories.
Changing Your Password At Work
To protect the City's network, your password will expire every 180 days. You must use a different password each time the previous password has expired.
- Log in to your workstation.
- Simultaneously select the CTRL, ALT and DELETE keys on your keyboard.
- Click on "Change a password". This will display 3 boxes to fill in.
- Enter your old password (current password) and your desired new password.
- Click on OK. Your network password has been changed.
If you have a smartphone configured to receive your city email, you must change the password on the smartphone when your network password changes. Failure to do so will result in your account being locked out each time the smartphone tries to update new mail messages.
Changing Your Password Remotely
When connected to the City's network remotely through VPN or RDS, you will be notified 14 days before your password expires. Please change your password before it expires to prevent your account from being locked.
On the Virtual Private Network (VPN)
On Remote Desktop Services (RDS)
Password Policies
Adopting strong password policies is one of the most effective ways to ensure system security.
- Your password must contain characters from each of the following 3 classes:
| Character Type | Examples |
|---|---|
| 1. English Letters Not case sensitive |
A, B, C, … Z a, b, c, … z |
| 2. Numerals | 0, 1, 2, … 9 |
| 3. Non-alphanumeric "Special characters" |
Punctuation, Symbols: { } [ ] , . < > ; : ' " ? / | \ ` ~ ! @ # $ % ^ & * ( ) _ - + = |
- Your password must be at least 8 and not more than 14 characters long.
- No more that 3 consecutive characters are allowed (i.e., aaa) and no more than 5 of the same characters are allowed (i.e., 1aaabaa).
- Your password will expire every 60 days.
- You will not be allowed to reuse your previous 12 passwords.
- Your password may not contain your E-mail name or any part of your full name.
Remembering Your Password
A complex password that cannot be broken is useless if you cannot remember it. For security to function, you must choose a password you can remember and yet is complex.
The best passwords are at least eight characters long and make no sense to the naked eye. They include the first letters of phrases peppered with numerals and random punctuation and numbers.
Because you must change your password every 180 days, use a theme for your passwords. Possible themes might include lines from Shakespearean plays, verses from your favorite poems, or refrains from your favorite songs. Take the first letter from each word of the phrase, drop in a few numbers and random punctuation characters. This way, your password will be easy for you to remember, but difficult for others to guess.
A good example of this is a password of tr!s,fmitp45. This comes from a familiar phrase from "My fair Lady". Take the first letter from each of the words in "The rain in Spain falls mainly in the plain". Substitute an exclamation mark for the letter "i", and add a comma between the words "Spain" and "falls" and add a number.
More examples: msi5!yold (My son is 5 years old), or ihliMf5#yn (I have lived in Madison for 5 years now).
If your expired password met all the guidelines, you can add a prefix or suffix, or increment one of the numbers in it, to make the new password familiar to you and easier to remember.