Sean Shields (15314971)
Sean Shields (15314971)

5 Policy’s
[Document subtitle]
5 Policy’s
[Document subtitle]

PASSWORDS POLICY
1.0 Overview
All employees and personnel that have access to computer systems must adhere to the password policies defined below in order to protect the security of the network, protect data integrity, and protect computer systems.
2.0 Purpose
This policy is designed to protect the organizational resources on the network by requiring strong passwords along with protection of these passwords, and establishing a minimum time between changes to passwords.
3.0 Scope
This policy applies to any and all personnel who have any form of computer account requiring a password on the organizational network including but not limited to a domain account and e-mail account.
4.0 Password Protection
Never write passwords down.
Never send a password through email.
Never tell anyone your password.
Never reveal your password over the telephone.
Never use the "Remember Password" feature of any application programs.
If anyone asks for your password, refer them to your IT computer security office.
Don't use names of people or places as part of your password.
Don't use part of your login name in your password.
Don't use parts of numbers easily remembered such as phone numbers, social security numbers, or street addresses.
Be careful about letting someone see you type your password.
5.0 Password Requirements
Minimum Length - 8 characters
Maximum Length - 14 characters
Minimum complexity - No dictionary words included. Passwords should use three of four of the following four types of characters:
Lowercase
Uppercase
Numbers
Special characters such as !@#$%^&*(){}[]
Maximum password age - 60 days
Minimum password age - 2 days
Account lockout threshold - 3 failed login attempts
6.0 Enforcement
Since password security is