The information below provided by the UW Health Information Services team describes changes to UW Health password policy and procedures beginning on May 4, 2022, and tips on creating a secure passphrase. SMPH and UW–Madison NetID passwords will not be affected by this change.
Updates to the UW Health Password Policy
The healthcare industry is a desirable target for ransomware and other cyberattacks. Successful attacks can disrupt patient care and lead to the theft of medical records. This information can be sold on the underground market for a higher profit than social security numbers or passwords, thus making UW Health an attractive target to hackers. To protect you and the organization against cyberattacks, UW Health is strengthening user account security by updating the current password requirements in the UW Health Authentication and Password policy.
On May 4, 2022, UW Health will be making the following changes to the password policy:
- Switching from requiring a minimum 8-character length password to a minimum 16-character length passphrase
- You are only required to change your passphrase once a year (not quarterly!)
- The passphrase does not require an uppercase, lowercase, number, or special character for complexity; however, adding complexity will strengthen your passphrase.
Did you know you can use a badge to sign in to UW Health workstations equipped with a badge reader? If you work with patients, you may be eligible for this feature. Click here for enrollment information.
Securing the UW Health network is a team effort. Creating a new, more secure password supports good cybersecurity practices.
For more information about this change, please see the FAQs below.
Update to password.uwhealth.org website
Password.uwhealth.org will have a new web page and login experience. You can use this site to change your UW Health Wisconsin user account password.
Note: It is strongly recommended to use a web browser in incognito/private browsing mode to avoid access or sign-in issues when connecting to this site.
The login page requires an address for the username. How you sign in depends if you have a UW Health e-mail address:
- If you do not have a UW Health provided e-mail address, enter [UWHealthUserId]@pa.uwhealth.org for the username and user account password. For example, if your UW Health User ID is abc123, you must enter abc123@pa.uwhealth.org for your username.
- If you have a UW Health provided e-mail address, enter your UW Health e-mail address for the username and user account password. For example, if your UW Health e-mail address is jdoe4@uwhealth.org, you must enter jdoe4@uwhealth.org for your username.
For more information about this change, please see the FAQs below.
Password Policy & Passphrase FAQs
What is a Passphrase?
A passphrase is a way to create an easy-to-remember password that is strong and secure. You create a phrase with a group of words with no obvious connection and at least 16-characters in length. See below for an example of creating a passphrase.
Traditional passwords require complexity (i.e., a password must have an uppercase, lowercase, special character, and number) and must be changed every 90 days. With a passphrase, complexity is not required, and you are only required to change your passphrase once a year!
Why is UW Health updating the Password Policy?
UW Health and other healthcare organizations face continued threats from hackers and criminal gangs. These malicious actors will use tools and techniques to crack passwords for user accounts. Doubling the minimum password character length from 8 to 16 makes it extremely difficult for hackers to crack a password for a user account.
This effort and other security initiatives will make the UW Health network more secure and better protected against cyberattacks!
Who is impacted by the password policy change?
Any SMPH employee with a UW Health user account to access UW Health network resources (For example, UW Health user account used to access the UW Health Citrix environment).
Does this update affect my SMPH or UW-Madison NetID user account?
No, this update only applies to UW Health user accounts.
When will this update be applied?
May 4, 2022
Once the policy is applied to your UW Health user account, you will have 90 days from your last password change to create a 16+ character passphrase.
Once you create your new passphrase as your password, you won’t be required to change it again for another year!
How do I create an easy-to-remember passphrase?
A key to a good passphrase is it is easy to remember and the randomness (i.e., the passphrase words should not have an obvious connection between them). A good way to remember a passphrase is to think of a short story that ties all the words together.
Below is an example of a short story and passphrases created for the passage.
Story: I put on my favorite shoes for a walk in the forest. During my walk, I saw two squirrels and a bear. It was humid, and I drank a lot of water.
Here are examples of a passphrase created from the story above:
lumber.bigbear.goodwater
feet-humidity-rodents
water treetop shoelace
The above passphrases are easy-to-remember, strong, and secure!
Note: Passphrases can contain spaces
Note: The passphrase does not require an uppercase, lowercase, number, or special character for complexity. However, adding complexity will strengthen your passphrase.
What words should I avoid in a passphrase?
- Passphrases or passwords you use for other websites
- Your personal information (e.g., First/Last name, Social Security number, birth date, telephone number, etc.)
- Names of members in your family
- Your UW Health user-id
- Days of the Week (e.g., Monday, Mon, Tuesday, Tue, etc.)
- Seasons (e.g., Winter, Spring, Summer, Fall)
- Months or Years (e.g., January, Jan, February, Feb, 2021, 2022, etc.)
- Well-known quotes or music lyrics
- Local sports teams or well-known regional landmarks
Note: The system may reject your new passphrase if you use any of the words above as part of your passphrase.
Am I required to have an uppercase, lowercase, number, or special characters in my passphrase?
You are not required to have an uppercase, lowercase, number, or special characters in your passphrase for complexity. However, adding complexity will strengthen your passphrase.
Do I need to create a passphrase immediately after the policy update has been applied to my user account?
No, when your user account receives the updated policy, you will not be required to create a passphrase immediately. Your current password will age out 90 days from the last password change. You will be required to create a passphrase on or before your current password ages out. Once you create a passphrase, you won’t be required to change it again for one year!
Who do I contact if I have questions about the policy change?
Please contact the UW Health Wisconsin IS Service Desk at (608) 265-7777.
Password.uwhealth.org FAQs
What is password.uwhealth.org?
It is a UW Health web application that allows you to change your UW Health Wisconsin user account password using a web browser.
This site should not be used to change your SMPH or UW-Madison NetID user account password.
What is changing with the site?
The site will have a new web page and login experience.
The login page requires an address for the username. How you sign in depends if you have a UW Health e-mail address:
- If you do not have a UW Health provided e-mail address (common for most SMPH employees), enter [UWHealthUserId]@pa.uwhealth.org for the username and user account password. For example, if your UW Health User ID is abc123, you must enter abc123@pa.uwhealth.org for your username.
- If you have a UW Health provided e-mail address, enter your UW Health e-mail address for the username and user account password. For example, if your UW Health e-mail address is jdoe4@uwhealth.org, you must enter jdoe4@uwhealth.org for your username.
When will the site change?
May 4, 2022
How do I access password.uwhealth.org?
Open a web browser and visit https://password.uwhealth.org. You must be connected to the UW Health internal network, using the UW Health VPN client, or log in to a UW Health Citrix session.
Help! The site isn’t accepting my UW Health user-id to sign in. Why not?
You cannot use your UW Health user-id to sign in.
For a person without a UW Health provided e-mail address, you must use [UW Health User Id]@pa.uwhealth.org for the username. For example, if your name is John Doe and your UW Health User Id is jfd456, you will enter jfd456@pa.uwhealth.org for the username.
For a person with a UW Health provided e-mail address, you must use your UW Health e-mail address for the username and user account password.
Should I use this site to change my SMPH or UW–Madison NetID user account password?
No, do not use this site to change your SMPH or UW–Madison NetID user account password.