Duck ID Password Requirements


The information below describes Duck ID password requirements, and tips on how to create a strong password.

Duck ID Password Requirements

  • Must be between 14 and 127 characters in length.
  • Must contain both uppercase and lowercase letters.
  • Must have at least one digit.
  • Must not contain your Duck ID, first name, preferred first name, middle name, last name, preferred last name.
  • Cannot be a previous password.
  • Password expires every 180 days.

Additional password guidelines

  • Should not contain UO ID (95#).
  • Should not be the same password you use on any other account.

How to Create a Strong Password

A strong password doesn't mean it has to be hard to remember.

  • Use a passphrase or sentence that makes sense to you (e.g., Those who dare 2 fail miserably can achieve greatly.)
  • Converting an easy-to-remember phrase into an acronym with symbols is also a good strategy. It is a VERY FINE day to go for a walk could be abbreviated to iiavfdtgfaw, and then by adding three digits, would become a valid password of iiaVFdtgfaw203.
  • Choose a word, then scramble it with some random numbers. Repeat the word if the word is too short. (e.g., buffalo becomes Bu3fa2oBu3fa2o).
  • Choose three random words and some random digits to string them together, such as duck5OREGON2green.

About Duck ID Password Requirements

The university has developed its password requirements in consultation with the Information Security Office and in alignment with industry best practices. Password requirements will be re-evaluated as best practice and our environment changes.


Article ID: 50920
Fri 3/23/18 3:56 PM
Thu 1/4/24 1:33 PM

Related Articles (4)

Amendments to State of Oregon Policies on Acceptable Use of State Electronic Information Systems (Version 3: 8/1/1997).
This article outlines the steps to set up multi-factor authentication (MFA) or two-step (or two-factor) authentication (2FA), to the most common service providers.
This document presents policies for acceptable use of University of Oregon computing resources. It neither reduces nor expands existing acceptable-use policies, but merely clarifies and illustrates the sorts of behaviors that may result in a response by the university or other interested parties.
Learn about UO Cybersecurity Basics, an online training available to all UO employees, and about cybersecurity awareness.