nFront Security Logo
  • Blog
  • Contact Us
  • (404) 348-4678
  • Products
    • nFront Password Filter
    • nFront Web Password Change
    • nFront Account Disabler
    • FREE - nFront Weak Password Scanner NEW
  • Resources
    • Whitepapers
    • Use Cases
    • Video Tutorials
  • Compliance
    • NERC CIP Compliance
    • PCI Compliance
    • PSN Password Compliance
    • NIST Password Compliance
    • Sarbanes-Oxley Compliance (SOX)
    • HIPAA Compliance
    • Stanford Password Policy
    • CJIS Password Policy Requirements
  • Support
    • FAQ
    • Knowledge Base
    • Log a Support Case
  • About Us
    • Company History
    • Contact Us
  • Home
  • Theater

Stanford Password Policy Configuration


nFront Password Filter allows you to enforce the Stanford Password Policy. The Stanford Password Policy is a length-based complexity policy. Most password requirements consider complexity to be a variation in character types (lower, upper, numeric, and special). In 2014, Stanford University adopted a new password policy that garnered a bunch of attention. The policy essentially has 4 different ranges for password length and ties each range to complexity requirements. Here is the list of ranges and requirements

  • 8-11 characters: Require lowercase, uppercase, numeric, and special characters
  • 12-15 characters: Require lowercase, uppercase, and numeric characters
  • 16-19 characters: Require lowercase and uppercase characters
  • 20 or more characters: Require only lowercase characters

The Stanford Policy was certainly a step in the right direction and it is a great improvement for most companies. However, we suggest using a minimum length that is 10, 12 or more and using rules like dictionary blacklisting and checking for breached passwords. You can also consider requiring passphrases (longer passwords that contain spaces).