Password Complexity Rules

When creating or updating your password, you must follow the rules for password complexity established by DOE/NNSA.


  • cannot be reused.
  • must contain between 8 and 20 non-blank characters.
  • must include at least one each of the following:
    • an uppercase letter
    • a lowercase letter
    • a number
    • either # or $
  • cannot have $ or # in the last position.
  • cannot contain the user ID.
  • cannot include your own or, to the best of your knowledge, close friends' or relatives' names, your employee number, Social Security number, birth date, phone number, or any information about you that you believe could be readily learned or guessed.
  • cannot, to the best of your knowledge, include common words that would be in an English dictionary, or from another language with which you are familiar.
  • cannot, to the best of your knowledge, employ commonly used proper names, inlcuding the name of any fictional character or place.
  • cannot contain any simple pattern of letters or numbers, such as "qwertyxx" or "xyz123xx".
  • must be different from the passwords you use on your classified systems.

Unsuccessful password creation or change will result in an error message and request to submit again. Errors include:

  • reuse of an old password
  • failure to retype the new password correctly
  • a special character in the last position
  • incomplete or incorrect mix of letters, numbers, and special characters

If ever you fail to enter correct password three times in a row, your account will be locked and you will not have access to the system. To unlock your account, you must contact Technical Support at or (505) 663-1302.