Overview
Following a review of industry security standards and our current compliance requirements, the IT Security team is rolling out an updated password policy effective April 1, 2026.
What's Changing
| Requirement | Current | New |
|---|---|---|
| Minimum length | 12 characters | 16 characters |
| Complexity | Uppercase + number + symbol | Same (no change) |
| Password history | Last 5 cannot be reused | Last 10 cannot be reused |
| Maximum age | 180 days | 90 days |
| MFA required | Optional | Mandatory for all staff |
What You Need to Do
- If your current password does not meet the new 16-character minimum, you will be prompted to change it on your next login after April 1.
- Enroll in MFA before April 1 if you haven't already — see the 2FA Setup Guide.
- We strongly recommend using the company-approved password manager (1Password or Bitwarden Business) to generate and store your new password.
Why This Change?
These updates align with NIST 800-63B guidelines and are required by our cyber insurance provider as part of our annual policy renewal.
Questions? Contact the Security team at security@company.com.