Navex PolicyTech (archive) contains the complete and official password policy, these guidelines will help you remain compliant.


Domain passwords must meet these requirements.

  • 10 to 256 characters in length
  • Change every 6 months
  • Contain 3 of 4 character types:
    • A-Z uppercase
    • a-z lowercase
    • 0-9 numbers
    • !-? punctuation
  • May not include your name
  • May not match your previous 12 passwords


Good passwords are long, random, and unique for each service.

  • Longer passwords are much stronger
  • Use a unique password for every website and application
  • Use a mix of letters, numbers, and symbols
  • Securely store your passwords in a password manager


Your password should be unique, known only to you.

  • Don't share your password
  • Don't accept passwords from others (e.g. do not login for someone else)
  • Don't display or hide passwords near keyboards, monitors, mouse pads, unlocked desk drawers
  • Refrain from using your work passwords anywhere else

Good Password Generators:

Some trusted tools you may use to help you create good randomly-generated passwords.

Multifactor Authentication (MFA)

All Riverview Health users are required to enable, enroll, and use multifactor (MFA) authentication for all work-related accounts and services that support MFA.