Internal Password Policy
ID123’s Password Policy is implemented to ensure that proper care is taken to secure all computer and informational materials. This will be accomplished by vendors, employees, and contractors maintaining best practices for the password protection of including, but not limited to e-mail, network, and device accounts.
The Password Policy intended to allow for the efficient and well-protected management of accounts both local and cloud-based, and the materials those accounts entail and contain.
This Password Policy encompasses all employees and administrators and all computing or network devices. The Password Policy must be taken into account when using a personal device if Company information assets or confidential data can be accessed from said device.
a. All e-mail, network, domain accounts must be password protected. All new accounts will be created with a temporary password. The temporary password must be changed upon first use.
b. Mobile devices must be password protected; this includes but is not limited to smartphones, laptops, tablets, chrome books, and off-site desktops.
c. Passwords used on Company systems and on non-Company systems that are authorized for use must have the following characteristics unless otherwise approved by the Data Protection Officer:
i. Passwords must be a minimum of 8 characters in length;
ii. Passwords must contain both alphabetic and numeric characters;
iii. Passwords must not be the same as the username;
iv. Passwords must not contain proper names or words taken from a dictionary;
v. Passwords must be changed at minimum every 90 days; and,
vi. Passwords used for production systems must not be the same as those used for the corresponding non-production systems such as the password used during training.
d. Passwords must not be disclosed to anyone. All passwords are to be treated as Confidential information.