Password Requirements

Effective May 2021, Duke implemented a new password policy that eliminated the need to change NetID passwords, unless compromised, for most users. The new policy is in alignment with national standards that suggest short passwords, that are changed frequently, are less secure. 

The National Institute of Standards and Technology (NIST) has established that updating passwords regularly does not generally increase security or enhance usability. NIST also found that when passwords are updated frequently, users resort to workarounds that can ultimately decrease the effectiveness of security controls.