What are the password requirements and why are they important?

Using a strong password helps keep both your own sensitive personal information and valuable University resources safe — that’s why it’s required of all HarvardKey users per official Harvard policy. To see tips on how you can create a strong password that's also easy for you to remember, see the guidance on the Information Security website.

To help keep your information safe, your password must contain:

  • At least 10 characters (and up to 100 characters)
  • 5 or more unique characters
  • At least 3 of the following: uppercase, lowercase, numeric, or special characters.  The allowed special characters are ~ ! @ # $ % ^ * - _ = + [ { ] } / ; : , . ?  [no spaces allowed!]

Additionally, your password may not include:

  • Your email, part of your name, or part of your address
  • Common words or abbreviations/acronyms of 5 or more letters unless your password is more than 20 characters long (in which case you can use words)
  • Number sequences of 4 or more numbers
  • Character repeated 4 or more times

Remember, if you ever feel that your password may have been compromised, it's important to change it as soon as possible. HarvardKey holders can change their passwords at any time by visiting HarvardKey self-service.

See also: Passwords