a. All e-mail, network, domain accounts must be password protected. All new accounts will be created with a temporary password. The temporary password must be changed upon first use.
b. Mobile devices must be password protected; this includes but is not limited to smartphones, laptops, tablets, chrome books, and off-site desktops.
c. Passwords used on Company systems and on non-Company systems that are authorized for use must have the following characteristics unless otherwise approved by the Data Protection Officer:
i. Passwords must be a minimum of 8 characters in length;
ii. Passwords must contain both alphabetic and numeric characters;
iii. Passwords must not be the same as the username;
iv. Passwords must not contain proper names or words taken from a dictionary;
v. Passwords must be changed at minimum every 90 days; and,
vi. Passwords used for production systems must not be the same as those used for the corresponding non-production systems such as the password used during training.
d. Passwords must not be disclosed to anyone. All passwords are to be treated as Confidential information.