Password policies

Most organisations have policies for the secure use of their computer systems. The following password policies are suggested if none are defined at your organisation:

  • Passwords issued to individuals are the responsibility of the nominated individual. All actions performed under the password are the responsibility of the person who owns the password.
  • Sharing of passwords is not permitted under any circumstances. If you require access to Synergetic, you need to obtain your own password.
  • Passwords:
      • must not be written down and left in a place where unauthorised persons might discover them
      • must not be shared or revealed to anyone else besides the authorised user
      • should be changed periodically.
  • The following should not be used as passwords:
      • Words in a dictionary.
      • Derivatives of user-ids.
      • Common character sequences such as "123456".
      • Personal details - spouse's name, licence plate, social security number, birthday (unless accompanied by additional unrelated characters) and so on.
      • Any part of speech - proper names, geographical locations, common acronyms and slang.
      • Characters which do not change combined with characters which predictably change. That is, characters which change based on the month, a department, a project or some other easily-guessed factor. For example, users must not employ passwords like "X34JAN" in January, "X34FEB" in February and so on.
      • Passwords identical or substantially similar to passwords that have previously been employed.
  • To prevent the compromise of multiple systems, computer users must employ different passwords on each of the systems to which they have been granted access.
  • System administrators must use their own user accounts rather than the system administrator account.