
The Office of Information Technology has made significant changes to the password rules used for authorization to university services. Implementation of this change will begin this fall; for details see below.
Why are these changes happening?
In response to a New Jersey state audit recommendation, the Office of Information
Technology will be implementing new password rules to improve security. Passwords
are a critical component of information and network security. Longer passwords (sometimes
called passphrases) and more frequent password changes offer additional protection
not covered by other types of security. These changes are also prescribed by best
practices for maintaining security at the appropriate level for a university research
institution.
What are the changes in the password rules?
The principal rule changes are:
- All passwords must contain from 10 to 63 characters.
- Passwords will expire every 12 months; passwords must be changed once a year.
- Your password must be at least 10 but no more than 63 characters.
- Your password must contain a minimum of 3 character classes. The characters on the
keyboard are grouped into categories known as classes. They are as follows:
  - Lowercase letters (a-z)
  - Uppercase letters (A-Z)
  - Numerals (0-9)
  - Special characters and punctuation (for example: $ * . _)
- You cannot re-use any of your previous 5 passwords.
- Passwords expire every 12 months.
- Spaces, tabs, colons (:), and carriage returns are not allowed.
For tips on selecting a strong password, go to the RUsecure website.
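The rules listed above can be checked mechanically. The following is an added example, not OIT's or the NetID Management tool's code: it validates a candidate against the length, character-class, forbidden-character and re-use rules. The function names, the PBKDF2 storage of password history, and the treatment of a newline as a carriage return are assumptions.

```python
import hashlib
import hmac
import os
import string

MIN_LEN, MAX_LEN = 10, 63       # length bounds from the rules above
FORBIDDEN = set(" \t:\r\n")      # "\n" is an assumption; the page names carriage returns
HISTORY_DEPTH = 5               # previous passwords that may not be re-used
PBKDF2_ROUNDS = 100_000         # assumed work factor for stored history entries
CLASSES = {"lower": string.ascii_lowercase,
           "upper": string.ascii_uppercase,
           "digit": string.digits}


def hash_entry(password, salt=None):
    """Return (salt, digest) so history is kept without storing plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def character_classes(password):
    """Classes present; anything outside a-z, A-Z, 0-9 counts as special."""
    found = set()
    for ch in password:
        if ch in FORBIDDEN:
            continue  # reported separately, never counted as a class
        found.add(next((n for n, chars in CLASSES.items() if ch in chars), "special"))
    return found


def check_password(candidate, history):
    """Return the list of violated rules; an empty list means accepted.

    history: list of (salt, digest) pairs, oldest first.
    """
    problems = []
    if not MIN_LEN <= len(candidate) <= MAX_LEN:
        problems.append("length")
    if FORBIDDEN & set(candidate):
        problems.append("forbidden character")
    if len(character_classes(candidate)) < 3:
        problems.append("character classes")
    for salt, digest in history[-HISTORY_DEPTH:]:
        # Re-hash with each stored salt and compare in constant time.
        if hmac.compare_digest(hash_entry(candidate, salt)[1], digest):
            problems.append("re-used")
            break
    return problems
```

Only the five most recent history entries are compared, so a sixth-oldest password is accepted again.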
When will this happen?
The dates below are notification and expiration dates; notification will
begin thirty days prior to the expiration dates.
Approximate schedule (subject to change):
| | Start of notifications | Expiration |
| OIT Staff | 11/16/11 | 12/1/11 - 12/20/11 |
| Faculty, Staff, and Student Workers | 1/2/12 | 2/1/12 - 4/1/12 |
| Students | 8/17/12 | 9/17/12 - 11/30/12 |
How will the changes be implemented?
There will be a rolling implementation starting with OIT staff. Users will be prompted
at the Rutgers Central Authentication Service (CAS) login screen to change their
password within 30 days. CAS is used when you log in to myRutgers, RIAS and many
other applications. The prompt will continue until the user complies. Failure to
do so will result in a lock-out after 30 days; once locked out, the user will have
to reset their password to continue.
The password change tool,
the NetID Management tool, has been updated to handle
this change. If you have saved your NetID password on any of your mobile devices
you will need to update them also.
Important Note: There are certain times during the day when you will
not be able to change your password. The tools that allow
password changing are unavailable at these times to allow for
backup of the password databases. This is being done every 2
hours during this university-wide password change process, to
ensure that a valid copy of all password data exists, providing
full redundancy and reliability. Password changing is not allowed
for 11-minute intervals, every 2 hours,
from: 1:04 to 1:15, 3:04 to 3:15, 5:04 to 5:15, 7:04 to 7:15, 9:04
to 9:15 and 11:04 to 11:15. This applies both AM and PM, every
day of the week. If any of this changes in the future, it will be
reflected on this website.
Who is covered by the new rules?
The rule applies to all faculty, staff and students on all three campuses.
Can I change my password before being prompted?
Yes, the NetID Management tool has been updated and users will be able to use it
to reset their passwords to the new rule length.
Are there any other changes happening because of the password rule change?
Yes. The Rutgers Central Authentication Service uses a computer network authentication
protocol called Kerberos. As part of the strategy to implement the password recommendations,
it was decided to merge the two existing Kerberos realms (faculty/staff and students)
into one. This will eliminate the possibility of some users having two passwords;
there will be one password for account access per user. There will be a direct mailing
to users affected by this change with the information they will need to move to
one password.
Where can I get help?
If you have any questions or need assistance regarding this implementation, please
contact your local computing Help Desk:
| Campus | Phone | Location/hours/info |
| Camden | 856/225-6274 | http://computing.camden.rutgers.edu/about-us |
| Newark | 973/353-5083 | http://ncs.rutgers.edu/helpdesk |
| New Brunswick | 732/445-HELP(4357) | http://nbcs.rutgers.edu/helpdesk |
© 2011 Rutgers, The State University of New Jersey. All rights reserved.
Last Updated: 11/15/2011