Password policies
Most organisations have policies for the secure use of their computer systems. The following password policies are suggested if none are defined at your organisation:
- Passwords issued to individuals are the responsibility of the nominated individual. All actions performed under the password are the responsibility of the person who owns the password.
- Sharing of passwords is not permitted under any circumstances. If you require access to Synergetic, you need to obtain your own password.
- Passwords:
  - must not be written down and left in a place where unauthorised persons might discover them
  - must not be shared or revealed to anyone else besides the authorised user
  - should be changed periodically.
- The following should not be used as passwords:
  - Words in a dictionary.
  - Derivatives of user-ids.
  - Common character sequences such as "123456".
  - Personal details - spouse's name, licence plate, social security number, birthday (unless accompanied by additional unrelated characters) and so on.
  - Any part of speech - proper names, geographical locations, common acronyms and slang.
  - Characters which do not change combined with characters which predictably change. That is, characters which change based on the month, a department, a project or some other easily-guessed factor. For example, users must not employ passwords like "X34JAN" in January, "X34FEB" in February and so on.
  - Passwords that are identical or substantially similar to passwords that have previously been employed.
- To prevent the compromise of multiple systems, computer users must employ different passwords on each of the systems to which they have been granted access.
- System administrators must use their own user accounts rather than the system administrator account.