Password policy

Password policy rules are used whenever a domain user password is set or changed. If the new password does not meet all the bellow requirements it cannot be used:

Password must be changed every 99 days.

To avoid issues with some services (like: Windchill, MyQ, etc.) password should not contain non-english (non-ASCII) characters (like: č, đ, ä, etc.), however usage of special characters (like: ., !, ?, -, etc.) is advisable.

To prevent password disclosure, you should also follow the following rules that cannot be technically enforced:

Password guidelines

There are a lot of methods used for generating a strong password that is still easy to memorize. You can find explanation for two of them bellow:

Bruce Schneider method

We take a an easy to remember sentence and turn it into a password. We try to express some or every word in a unique way. The sentence is used to memorize the password by.

The sentence “Today is a sunny day” can be used to create the following password “2DAY=suniD4Y”. We can increase the complexity by adding an emoji: “2DAY=suniD4Y:)”

PAO method (Person Action Object)

We take a place, a person and an action combined with an object to form a mini story. We use the story as a mnemonic device to help you memorize the password. The method goes like this:

  1. Pick a memorable place
  2. Pick a familiar or memorable person
  3. Imagine a random action relating the two
  4. Now combine these into a mini-story and form a password using words from the story.

We can combine “London, Captain Kirk, washing dishes” into a story “Captain Kirk is washing dishes in London” from which we can create a password “KK?is!WASH?dish!IN?lon”.


You can also use following recomendations to make your password more complex and still easy to memorize: