Password Expiration:


CCR passwords expire once per year.  Depending on the client you use to connect to certain CCR resources/servers, you may not be prompted in advance of this.  Once it expires, you will not be able to login to CCR servers.  You can check when your password will expire by logging into the identity management portal


Change or reset your password



Password Policy:


CCR maintains the same password policy as the University at Buffalo.  The full policy can be found here.  We want to specifically point out these parts:



Individual Accountability:  All users of university systems are individually assigned a user-id (e.g., UBITName) and password for the purpose of accessing UB online systems.  In accordance with UB “acceptable use policies,” users are individually accountable for activities performed with their user-ids and passwords.  Passwords may not be shared with anyone, including with administrative assistants or secretaries.  UB passwords are considered to be regulated, private data.

  • Do not reveal a password over the phone to anyone
  • Do not reveal/include a password in an email message
  • Do not reveal a password to your supervisor, manager, or co-workers
  • Do not talk about a password in front of others
  • Do not fall for phishing scams that attempt to get you to reveal your password or other personal information
    • The University of Buffalo and legitimate businesses will never ask you to reveal your password in unsolicited email messages or telephone calls to you
  • Do not use the “Remember Password’ feature of applications

Password Security: Passwords for UB systems should not be identical to those used for personal/non-UB online accounts.

Password Strength Requirements: User and system passwords shall be constructed with  strength and complexity that minimize the likelihood of successful password guessing or brute force attacks.  Passwords with strength and complexity must have the following characteristics:

  • Between 8 and 32 characters in length
  • Must contain at least
  • One lowercase character (a-z)
  • One uppercase character (A-Z)
  • One numeric character (0-9)
  • One non-alphanumeric character from this set: !?#$%&'()*+,-./:;@
  • Have no more than two pairs of repeating characters, such as “aa”
  • Cannot be an old password used within the past 365 days

Good passwords must be easy for you to remember.  To create passwords that can be easily remembered, use the basis of something you know well, such as a song title, affirmation, or other phrase.