Client Area
Your Online Access (YOA) Password FAQ
Why is YOA implementing these new requirements?
We are implementing these new requirements to meet industry best practices with respect to information security.
When will these new requirements be implemented?
These new password requirements will be implemented as of February 1, 2009. Any user can change or strengthen their password at any time through the standard password change process. If a password is not strengthened by midnight on January 31, 2009, the user will be prompted at their next log-in to change their password.
What are YOA's new password strength requirements?
Each password must consist of a minimum of 8 and a maximum of 25 characters. At least one character must be an upper case letter and at least one character must be a lower case letter. At least one character must be a number from 0-9 and at least one character must be a special character (as defined below).
What does password "strength" refer to?
The term password "strength" refers to the rules that govern what passwords are considered valid passwords. The weakest passwords are single words, like "money", or a child's first name. Very strong passwords appear as random characters, like m@F8c4$iRls3x and usually consist of a larger number of characters.
Strong passwords protect the website from "dictionary attacks". A dictionary attack is a "brute force" attack where words from a list (instead of random character combinations) are repeatedly tried until the real password is found. The most common passwords are always tried first.
Case-sensitivity
Case-sensitivity refers to the ability of the system to determine the difference between upper-case and lower-case letters. Enabling case-sensitivity doubles the number of available characters and increases the number of possible combinations exponentially.
Minimum and Maximum Characters
Character minimums and maximums are simple upper and lower limits to the length of a valid password. Three character passwords are much easier to crack than 15 or 20 character passwords.
Require Numeric Characters
Numeric characters are the numbers 0 through 9. Using numbers is a good way to add hundreds of thousands of possible combinations to the pool of valid passwords. Requiring at least one number helps prevent brute-force attacks.
Require Special Characters
Special characters are the characters that are neither letters nor numbers and are located primarily on the upper row of the number keys. As with numbers, using special characters is a good way to add hundreds of thousands of possible combinations to the pool of valid passwords. Requiring at least one special character helps prevent brute-force attacks. The list of accepted special characters is described below:
| ? | Question Mark | ! | Exclamation Point |
| " | Double Quote | # | Pound (Number) Symbol |
| $ | Dollar Sign | & | Ampersand |
| ' | Single Quote (Apostrophe) | ( | Open Parenthesis |
| ) | Close Parenthesis | * | Asterisk |
| + | Plus Sign | , | Comma |
| . | Period | / | Forward Slash |
| : | Colon | [ | Open Square Bracket |
| ] | Close Square Bracket | ^ | Caret |
| _ | Underscore | ` | Reverse Quote |
| { | Open Curly Brace | | | Pipe |
| } | Close Curly Brace | ~ | Tilde |
| > | Greater Than Symbol | < | Less Than Symbol |
| = | Equal Sign | ; | Semi-colon |
| @ | At Symbol |
How do I change my password before the deadline?
All users can utilize the standard change password function which will bring up the following screen. They will enter their old password, new password, and reconfirm the new password.
