Password policies

Most organisations have policies for the secure use of their computer systems. The following password policies are suggested if none are defined at your organisation:

• Passwords issued to individuals are the responsibility of the nominated individual. All actions performed under the password is the responsibility of the person who owns the password.
• Sharing of passwords is not permitted under any circumstances. If you require access to Synergetic, you need to obtain your own password.
• Passwords:
• must not be written down and left in a place where unauthorised persons might discover them
• must not be shared or revealed to anyone else besides the authorised user
• should be changed periodically.
• The following should not be used as passwords:
• Words in a dictionary.
• Derivatives of user-ids.
• Common character sequences such as "123456".
• Personal details - spouse's name, licence plate, social security number, birthday (unless accompanied by additional unrelated characters) and so on.
• Any part of speech - proper names, geographical locations, common acronyms and slang.
• Characters which do not change combined with characters which predicably change. That is, characters which change based on the month, a department, a project or some other easily-guessed factor. For example, users must not employ passwords like "X34JAN" in January, "X34FEB" in February and so on.
• Identical or substantially similar to passwords that have previously been employed.
• To prevent the compromise of multiple systems, computer users must employ different passwords on each of the systems to which they have been granted access.
• System administrators must use their own user accounts rather than the system administrator account.