You'll probably be no stranger to password policies. They're commonly used by web-based email services, online banking, etc.

In this blog post, I'm going to talk you through CMAP's new password policies, and how they'll impact on future password changes.

So, from now on your new passwords will have to...

  • Be a minimum of 8 characters
  • Be a mixture of numbers (0-9) and upper and lower case letters and special characters
  • Not contain words found in a dictionary file (explained below)
  • Differ from the old password by a minimum of one character


  • The maximum number of password retries will be 5, after which the account will lock out for a period of 15 minutes
  • The system will force a change of password on first ever login or after a password reset

So, what is a password dictionary file?

A password dictionary file contains commonly-used, easily guessable words, like 'qwerty', 'password', first names and surnames, etc. The password file is editable, so you can include additional blocked words if you wish, such as your company name, job roles, nicknames and abbreviations, etc. Any words contained in the dictionary file will not be permitted to be contained within any users CMAP password.

CMAP will not force you to change your password, but the next time you do the new policies will apply.

As always, if you have any questions or feedback. we're all ears.