Password Policy for Staff & Faculty

Modified on Thu, 20 Feb 2020 at 03:33 PM

It is the responsibility of every Naropa employee to understand and follow the following password policy. Failure to do so can result in disciplinary action.

All passwords must be a minimum of 8 characters long.

Passwords expire every 180 days. All passwords must be changed once every 180 days. Users will be automatically notified via email when their password is within 15 days of expiration. 

New passwords cannot be a derivative of any password created prior to it (ex: Naropa01 and Naropa02 are too similar to be accepted). Nor will a password be accepted that's been used in the past 10 iterations.

All passwords must meet complexity requirements. Passwords must have the following properties: 

Contains characters from three of the following four categories:


  • Uppercase characters (A through Z).
  • Lowercase characters (a through z).
  • Base-10 digits (0 through 9).
  • Non-alphanumeric characters (for example, !, $, #, %).

Do not write passwords down and store them anywhere in your office. In fact, passwords should never be written down at all. The best security is to remember your own password with no written record.

Passwords are never to be revealed to others. This includes co-workers, supervisors, department directors, family members.  During the course of troubleshooting, IT staff may need to log in as you or otherwise use your domain credentials. We will always identify ourselves by name and phone number.  After we are done working with you, please reset your password, so that it remains secure and private.

Workstudy accounts are exempt from this particular policy as needed. Workstudy accounts often have multiple personnel accessing them, thus requiring multiple users to know the account password. However, please restrict access to department personnel with a need to know only.  There are a few other rare accounts which likely function in the same way workstudy accounts will – having multiple users for the same account login. Those accounts will be treated in the same way as workstudy accounts.

If you suspect an account has been compromised, report it immediately to IT, and change all of your passwords immediately.

If someone else should ever ask for or demand your password, refer them to this document. If that is insufficient, refer them to IT. Again - do not give out your password. Doing so may result in disciplinary action from management and/or Human Resources.


When an account is within ten days of password expiration, the domain will begin notifying the user of the pending expiration. On Naropa systems, a notification window will be displayed once a day (on average).

When an account is within seven days password expiration, you will receive an email reminding you to change your password.

In Naropa Outlook Web Access (OWA), a notification tab will be displayed near the top of the Outlook menu. This tab is generally small, and easy to go unnoticed. Also - this tab may not be displayed when using browsers other than Internet Explorer. Once these notifications begin showing up, it's important to change your password before it expires.

Once an account password has expired, there is no way for a user to remotely change their password via the OWA interface at all, so changing the password pro-actively is the best course. Otherwise contacting the IT help desk is the only option.

Changing your password:

Domain users (Naropa systems on the network) can change their password manually if so desired. Press the "ctrl", "alt", and "del", keys on the keyboard simultaneously. This will bring up a menu, select "Change Password". In the new window enter the current password, and then enter the new password twice. Be aware of the password complexity requirements outlined at the beginning of this page

Changing your password via Outlook Web Access (OWA) can be done by logging in to OWA, selecting "Options", clicking on "Change Password" in the left menu, and entering your old password, and the new password desired twice as indicated.

Again - account passwords cannot be changed via OWA once the password has expired.

Update your devices and email proxies:

After you have changed your password, please update the information in anything that accesses the Naropa wireless network or checks your Naropa email.  This includes personal laptops, smart-phones, tablets, etc..

If you change your password and don't update your devices, they may continue to try to access Naropa resources using the old password. If this happens 10 times, your account will be automatically locked out for 30 minutes.

Once a password has expired:

Naropa systems on the domain will be notified of the expiration when next used to login, and the user must change their password at that time. 

As noted above - Outlook Web Access is not accessible on any accounts where the password has expired. Please change your password prior to expiration.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article