NIST Center for Neutron Research NIST Center for Neutron Research National Institute of Standards and Technology
Password Security Requirements
NCNR requires: 
  • All passwords must have at least twelve (12) non-blank characters.
  • At least one of the characters must be a number (0-9) and one of the characters must be a alphabet and one of the characters must be special character (e.g. ~, !, $, %, ^, and *).
  • No character may be repeated more than four (4) times.
  • Passwords must be changed at least every ninety (90) days.
  • Passwords must not be reused for two (2) years, nor can any of the last eight (8) passwords that have been used be reused.
Additionally, NCNR recommends the following for selecting a more secure password: 
  • Change your password frequently, and do not reuse old passwords.
  • Do not use the same passwords that you use on other websites.
  • Use a password that will be easy for you to remember, but difficult for others to guess.
  • Do not use a spouse's name, your birth date / anniversary or any other piece of publicly accessible piece of information.
  • Avoid using dictionary words.
  • Use the first letters of a phrase or saying, or misspell words (example: "To Be or Not To Be" could become 2BON2B).
  • Use two or more words together (1MoreExample).