Recommendation of Multi-Factor Authentication and Change in Password Requirements for UTokyo Account

UTokyo Account has required users to set passwords that are between 8 and 16 characters long and sufficiently difficult to break as a prerequisite for secure use. However, in recent years, the security situation has worsened and there have been numerous cases of users’ identities and passwords being stolen through targeted attacks, phishing attacks, and other means.

Proper password management is no longer sufficient to ensure the security of accounts, and the use of Multi-Factor Authentication (MFA) has become essential.

In order to encourage the use of MFA for UTokyo Account and to ensure smooth use of UTokyo Account, we are making the following changes to the password validity period and the number of characters in the UTokyo Account.

Changes to be made

• The password validity period will be changed from the current 365 days to indefinite for those using MFA and 397 days (one year + one month) for those not using MFA.
  • Please note that this applies to passwords set on or after March 9; passwords set before March 9 will not be automatically extended in validity.
• The minimum number of characters required for a password will change from 8 to 12.
• The maximum number of characters that can be set as a password will change from 16 to 64.
  • Please note that the ECCS printing service (printer operation panel) and the financial accounting system and budget execution management system allow passwords of up to 32 characters, so if you have set a password of 33 characters or more, you will not be able to use these systems.

Date of change

March 9, 2023, 3:00PM