Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
Be at least nine characters in length
Users are encouraged to use passphrases
Complex passwords are not required
Multifactor authentication must be enabled for all employee, consultant, intern and temporary user accounts.
Passwords are set to never expire.
Passwords will be checked against known compromised credential databases before creation/change is successful.
