This policy describes the requirements for passwords that provide access to Hamilton College computer systems and institutional data. Adherence to this policy will increase the security of information shared by the Hamilton community.


This policy applies to all faculty, staff and students at Hamilton College and all computer systems (except those excluded below) that have accounts relating to official college business, including both internal and external systems.

Revision History

Approved, December 2014.

Last updated: March 1, 2023


The requirements for passwords are a combination of length and complexity.

Length and Complexity

What does a good password look like using Hamilton’s password rules?

Your password:

  • Is used for your login to the network, HillConnect, and connected systems (e.g., Blackboard, WebAdvisor, My Hamilton, campus wireless network). If you are unsure if the Hamilton system you use is considered a “connected system,” please review our Hamilton Passwords - Systems webpage
  • Should not be used with other non-Hamilton systems, e.g. personal Gmail, personal banking.
  • Must not be equal to your current Hamilton password or any Hamilton password used in the past 90 days.
  • Must use characters in the Roman alphabet, numbers, or symbols on the US keyboard. Symbols:
    ! " # $ % & ' () * + , - . / : ; < = > ? @  [ \ ] ^ _ ` { | } ~ and a space.
  • Individuals who would like an additional level of security with their HillConnect account can use 2-step verification.

Password or pass phrase?

Consider using a pass phrase: unrelated words, at least four characters long, with mixed capitalization, separated by punctuation or spaces.

  • A pass phrase is basically just a series of words, which can include spaces, that you use instead of a single pass “word.”
  • Pass phrases should be at least 16 to 25 characters in length (spaces count as characters), but no less. Longer is better because, though pass phrases look simple, the increased length provides so many possible permutations that a standard password-cracking program will not be effective.
  • It is always a good thing to disguise that simplicity by throwing in elements of weirdness, nonsense, or randomness as long as you can remember it.
Length Complexity Examples of Acceptable Passwords
8-11 mixed case letters, numbers,  and symbols required


12-15 mixed case letters and numbers, required LeeF7450maKin
16-19 mixed case letters required RobertCeramicFether
20+ no more than 3 repeating characters in a row icebergskywardsinging
my children are the brightest

Age (frequency of change)

  • Employees are required to change their password annually.
  • Students are required to change their password annually.

History (reuse)

  • Passwords cannot be reused for 90 days


  • Accounts will be “locked” after five failed login attempts. Lockout will expire automatically after 5 minutes, or can be manually unlocked using the password management system. 

Password Management System

The password management system will:

  • enforce the requirements of the password policy
  • facilitate changing of passwords
  • allow reset of a forgotten password
  • unlock accounts
  • synchronize passwords changes across connected systems
  • send email reminders about expiring passwords

Systems Excluded from the Policy

  • Colleague
    • the existing policy will continue to be used for Colleague accounts, although this will be revisited once the password management system is in place
  • Other accounts used for prospective students, parents, guests and alumni

No comments yet.


Team Name

Administrative Services

Office Location
Burke Library
198 College Hill Road
Clinton, NY 13323

Help us provide an accessible education, offer innovative resources and programs, and foster intellectual exploration.

Site Search