Mechanisms exist to compel users to follow accepted practices in the use of authentication mechanisms (e.g., passwords, passphrases, physical or logical security tokens, smart cards, certificates, etc.). Passwords must adhere to the following standards: 1. Must be at least 14 characters long 2. Must contain one number 3. Must contain one lower case letter 4. Must contain one upper case letter 5. Must contain one special character 6. Must be rotate every 90 days