Password Change Policy - July 1, 2026 - What this means for you

June 4, 2026

The System Office is making changes to the password policy, effective July 1.  This change is intended to align Minnesota State as a system with the requirements in NIST*. 

Summary of changes:

• Minimum password length goes from 8 to 15
• Required password change extended from 180 days to 13 months (390 days)
  • Immediate action where there are indications of compromised
• Password complexity is reduced, where no special characters will be required

These changes will be carefully coordinated between the System Office and campus IT domain administrators to ensure that policies are set identically on July 1.  These policies must be set at the same time.

For help resetting your StarID password, click on the article: How do I activate my StarID or reset my StarID password? or click on the video options for a step-by-step process offered in multiple languages.

Passwords expiring before July 1 will use the existing password rules:

• Password length – at least 8 characters
• Password must include special characters (Symbol, Capital letter, Number)

NOTE: Your password reset clock is extended by seven (7) months on July 1. If your password expires after July 1, you will use the new password rules.

NOTE: If you are an existing/current student or employee who had set your password prior to July 1 AND change or add schools AFTER July 1, you will need to change your password using the new password rules. This step will resync your StarID and StarID password credentials to the new affiliated school and meet the new complexity requirements.

*“NIST is a set of best‑practice guidelines created by the federal government that organizations use to manage cybersecurity risk, similar to safety codes or financial controls” (What is the NIST Cybersecurity Framework?)