The Daily Tar Heel

Serving the students and the University community since 1893

Tuesday March 28th

Onyen password changes to be less frequent

Students might soon have to create more complicated Onyen passwords — but the reward would be changing them less often.

If a recently proposed change is implemented, students will be able to keep their passwords for an entire year, rather than 90 days.


Here are some guidelines for making an Onyen password:

  • It must be at least 8 characters long, and must contain at least one letter and one digit
  • It must contain one of these characters: !@#$%&* ={}?<>”’
  • It must not start with a hyphen, or end in a space or backslash

The faculty information technology advisory committee met Monday, with the password expiration period as the sole agenda item.

The change, which is still being discussed, would not be implemented soon as it is in the preliminary stages, committee members said.

To complete this change, the committee needs to consult with the identity management group within Information Technology Services, which could take six to 10 months.

But the goal would be to increase security, said Stan Waddell, executive director for information security, who is working with the committee to implement this change.

“We’ve done a lot as a campus to improve our information security,” said Larry Conrad, vice chancellor for information technology and chief information officer, at the meeting.

Waddell said the change would require passwords to be more complex, with more characters and special characters. Common words, such as “Tar Heel,” would also be off-limits.

The new passwords and expiration length would encourage students to create more complex, long-term passwords, Waddell said.

With short-term passwords, some committee members said they fear students are only making small changes in their passwords every 90 days, which puts them at risk.

Committee members said new password guidelines would help limit the accessibility of UNC’s data.

“We have 30 (million) to 50 million unwanted attacks a week, and that’s just what we can see,” he said.

Sophomore Morgan Welch said she agrees that the change could improve security.

“I think maybe it would be a good idea because if I had a whole year to remember it, I would come up with a more complex password.”

After it goes through identity management, the change still has to be approved by the University’s internal audit department.

Committee members also said they hope the change would lower the burden of support related to passwords, and that fewer people would be coming to ITS for password support and resets.

Contact the desk editor at

To get the day's news and headlines in your inbox each morning, sign up for our email newsletters.


The Daily Tar Heel's 2023 Black History Month Edition

Special Print Edition

Games & Horoscopes

Print Edition Games Archive