Password Complexity – VTA Learner Did You Know?

VTA Learner Did You Know?

The RISC VTA Suite is highly configurable. The “VTA Learner Did You Know?” series of blogs highlight features that some users are not aware of. Past examples include Supervisor Utilities and Spaced Learning. If you have suggestions for other topics, submit them to

Password Complexity

Cyber security is a hot topic. With access to more and more on-line systems, IT professionals are always in a race to stay one step ahead of hackers. Many times IT or Security departments establish rules around password complexity and the frequency that passwords must be changed. You’re probably already familiar with password complexity rules like the password must:

  • Have a minimum (and maximum) length
  • Include one or more upper case letter
  • Include one or more lower case letter
  • Include one or more number
  • include a “special character” like these: !@#$%^&*+? etc.

Did you know that you can also set rules such as:

  • Match x of y conditions. For instance, your password must comply to 3 of the 4 rules above about required characters.
  • Disallow 3 or more sequential, identical characters. This would prevent a password of 2222222, for example.

VTA uses what is called a regular expression or rational expression to manage this password complexity. RISC can update this regular expressions to match your company’s cyber security requirements.

Reset Frequency

Similar to requiring password complexity, some company polices require that passwords are changed after a fixed number of days. This configuration can be changed into RISC’s VTA Learner by sending a request to

Forbidden Words (no, not that kind)

George Carlin

The last password control that few VTA Administrators know about are Forbidden Words. No, not the kind that are forbidden on the radio by the FCC – though they can be included too! This is a list of words that can’t be used as a password. For example, you may list your company name as a forbidden word if you were concerned that employees would use it as their password. Forbidden words are more important when password resets are not required since a user could keep the same password for years.

Want to learn more?

If you are interested in more information about password complexity, cyber security, or any VTA Learner configuration, email today.


Duncan Welder IV
Director of Client Services RISC, Inc
Mr. Welder holds a Master’s of Education from Texas A&M University in Educational Technology and has more than 25 years experience in implementation of Learning Management Systems, both domestically and abroad. Mr. Welder has been recognized for his application of Learning Management Systems to manage regulatory-compliance in industries ranging from petrochemicals to finance and has provided presentations to professional organizations including the Gulf Coast Process Technology Alliance, the Northwest Process Technology Alliance and the American Society of Training and Development.
Mr. Welder’s career is founded in traditional instructional design and computer-based training development. He is a certified Development Dimensions International facilitator, a Kirkpatrick Certified Evaluator and facilitator of the Ohio State University curriculum development program. In addition to working in industry, Mr. Welder has held adjunct faculty positions at Bowling Green State University, Ohio and the College of the Mainland, Texas. Mr. Welder has been published in both Training Magazine as well as US Business Review.