Password Management Policy
This policy from TechRepublic Premium provides guidelines for the consistent and secure management of passwords for employees and system and service accounts. These guidelines include mandates on how passwords should be generated, used, stored and changed as well as instructions for handling password compromises.
From the policy:
Blank or easily guessed passwords, such as “password,” are never permitted for any account, no matter how trivial. Passwords should also not contain dictionary words such as “kitchen” or “automotive.”
Passwords must be complex, containing at least eight characters and a mixture of lowercase, uppercase, numbers and punctuation characters. For instance, “B3llt0Wer!” should be used in place of “Belltower,” as it is considerably more secure.
Passwords should never contain security-sensitive information, such as an employee’s Social Security number or date of birth. They also should not include public information related to an employee’s personal life, such as the names of their children, hobbies or favorite sports team among others.
Use different passwords on different systems. For example, a Windows account password should not be the same as a QuickBooks password. It is especially critical that external accounts, such as on third-party websites like Salesforce.com, do not have the same passwords as internal accounts to protect from data breaches against these external targets.
This download is available as a PDF and Word document.
Previously priced at $99, this is now available to download for $29.
Subscribe to the TechRepublic Premium Exclusives Newsletter
Save time with the latest TechRepublic Premium downloads, including original research, customizable IT policy templates, ready-made lunch-and-learn presentations, IT hiring tools, ROI calculators, and more. Exclusively for you! Delivered Tuesdays and Thursdays