Upload File

password guidelines

prev
next
out of 4
Download Password Guidelines

Upload: tauqeer25

Post on 04-Apr-2018

218 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • 7/29/2019 Password Guidelines

    1/4

    User Password Guidelines

    Draft Policy Template

    1. Purpose

    Passwords are an important aspect of computer security. They are the front line ofprotection for user accounts. A poorly chosen password may result in the compromiseof the Tranzone Companey . As such, all Tranzone employees (including contractorsand vendors with access to the Tranzones systems) are responsible for taking theappropriate steps, as outlined below, to select and secure their passwords.

    2. Guidelines

    The purpose of these guidelines is to establish a standard for creation of strong

    passwords, the protection of those passwords, and the frequency of change. The scopeof this policy includes all personnel who have or are responsible for an account (or anyform of access that supports or requires a password) on any system that resides at anyTranzone facility, has access to the Tranzone network, or stores any non-publicTranzone information.

    3. Procedure

    3.1. General:

    3.1.1. All admin-level passwords (e.g., root, enable, NT admin, application

    administration accounts, etc.) must be changed on at least every 3 months.

    3.1.2 All user-level passwords (e.g., email, web, desktop computer, etc.) must bechanged at least every six months. The recommended change interval is everyfour months.

    3.1.3 User accounts that have system-level privileges granted through groupmemberships or programs such as "sudo" must have a unique password from allother accounts held by that user.

    3.1.4 Passwords must not be inserted into email messages or other forms of

    electronic communication.

    3.1.5 All user-level and system-level passwords must conform to the guidelinesdescribed below.

    3.2. Guidelines:

    3.2.1 General Password Construction Guidelines

  • 7/29/2019 Password Guidelines

    2/4

    Passwords are used for various purposes in the Tranzone. Some of the morecommon uses include: user level accounts, web accounts, email accounts,screen saver protection and voicemail passwords. All users should select strongpasswords.

    Examples of poor, weak, or easy to break passwords include:

    A password that contains less than eight (8) characters

    A password that uses only alphabetic characters

    A password that is a word found in a dictionary (English or foreign)

    A password that is a common usage word such as: Names of family, pets,friends, co-workers, fantasy characters, etc.

    Computer terms and names, commands, sites, companies, hardware, software.The words "", "", "" or any derivation.Birthdays and other personal information such as addresses and phone numbers.Simple word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.

    Any of the above spelled backwards. Any of the above preceded or followed by a digit (e.g., secret1, 1secret)

    Strong passwords have the following characteristics:

    Contain both upper and lower case characters (e.g., a-z, A-Z)

    Have digits and punctuation characters as well as letters e.g., 0-9, !@#$%^&*()_+|~- =\`{}[]:";'?,./)

    Are at least eight (8) alphanumeric characters long and use a passphrase(Ohmy1stubbedmyt0e).

    Are not a word in any language, slang, dialect, jargon, etc.

    Are not based on personal information, names of family, etc.

    Passwords should never be written down or stored on-line. Passwords should be easilyremembered. One way to do this is create a password based on a song title, affirmation,or other phrase. For example, the phrase might be: "This May Be One Way ToRemember" and the password could be: "TmB1w2R!" or "Tmb1W>r~" or some othervariation.

    NOTE: Do not use either of these examples as passwords!3.2.2. PasswordProtection Standards

    3.2.2.1 Do not use the same password for Tranzone accounts as for othernon-Tranzone access (e.g., personal ISP account, option trading, benefits,etc.). Where possible, don't use the same password for various Tranzoneaccess needs. For example, select one password for the Grading and StudentInformation systems (SIS) and a separate password for Web and Emailsystems.

  • 7/29/2019 Password Guidelines

    3/4

    3.2.2.2 Do not share Tranzone passwords with anyone, includingadministrative assistants or secretaries.

    3.2.2.3 All passwords are to be treated as sensitive, confidential Tranzoneinformation.

    3.2.2.4 Users of computers will not:

    reveal a password over the phone to ANYONE unless a known identityis established

    allow others to access your computer or the Tranzone computersystems using your password

    share any private passwords with students

    reveal a password in an email message

    reveal a password to supervisors unless specifically directed to do soby an employment directive

    talk about a password in front of others

    hint at the format of a password (e.g., "my family name")

    reveal a password on questionnaires or security forms

    share a password with family members

    reveal a password to co-workers while on vacation

    3.2.2.5 If a person demands a password, refer the person to this document orhave the person call someone in the Information Security Department.

    3.2.2.6 Do not use the "Remember Password" feature of applications (e.g.,Outlook, Internet Explorer, Firefox, Messenger).

    3.2.2.7 Do not write passwords down and store them anywhere in your office.

    Do not store passwords in a file on ANY computer system (including electronicorganizers or similar devices) without encryption.

    3.2.2.8 Change passwords at least once every six months (except system-level passwords which must be changedquarterly). The recommendedchange interval is every four months.

  • 7/29/2019 Password Guidelines

    4/4

    3.2.2.9 If an account or password is suspected to have been compromised,report the incident to the Tranzone Technology Coordinator and change allpasswords.

    3.2.3 Passphrases

    Passphrases are generally used for public/private key authentication. Without thepassphrase to "unlock" the private key, the user cannot gain access.

    Passphrases are not the same as passwords. A passphrase is a longer versionof a password and is, therefore, more secure.

    A passphrase is typically composed of multiple words. Because of this, apassphrase is more secure against "dictionary attacks" where words in adictionary are randomly and repeatedly tried until the correct password is found.

    A good passphrase is relatively long and contains a combination of upper andlowercase letters and numeric and punctuation characters. An example of a goodpassphrase:

    "The*?#>*@TrafficOnThe101Was*!#ThisMorning" All of the rules above that apply to passwords apply to passphrases.


MS Excel password recovery to crack XLSX password & Recovery Excel password

Administrator's Guide - Epson America · PDF fileAdministrator's Guide ... Enter a password for the user in the Password field following the guidelines on the screen. Note: If you

Password Managers · Frank Chen | Spring 2017 CS 88S Password, Authentication, Password Managers Week 4 LastPass, a Password Manager Application

Default Password List Password List Router Dell Router)

Internet password: aea8success Conceptbasedinstruction.weebly.com Password: Consortium1

How to change cloud email password. - W3infotech€¦ · Change Password Webmail Password Old Password Kuwait, Riyadh New ail Address Confirm Passwnord [email protected] The new password

Free Password Locker | Password Manager - AKick

READER Guidelines and Considerations. Requires same User Name and Password as your Citrix login. 2

HSCNetID Password Reset Self-Servicehsc.unm.edu/about/cio/assets/doc/password-reset-self-service.pdfresult in password synchronization errors. The Successfully changed password message

No Service Password-Recovery · Information About No Service Password-Recovery Cisco Password Recovery Procedure TheCiscoIOSsoftwareprovidesapasswordrecoveryprocedurethatreliesupongainingaccesstoROMMON

Password Self Service - LabCorp Password Self Service The Password Self Service application allows you to easily and securely manage your password for …

Email Password Forgot password? Remember me Sign In

EasyMail Setup is a simple and convenient email …...• Password – enter a new password • Re-enter password – confirm your new password • Forgot Password Question – choose

COMMUNITAKE ENTERPRISE MOBILITY: USE GUIDELINES€¦ · Mobile device inventory management. Grouping by organizational hierarchy. Password policy enforcement. Mobile applications

Understanding and Configuring Password Manager for Maximum ... › ... › understanding-and-configuring-password … · Password Manager provides a simple, secure set of password

Online password reset 1 Navigation to online password reset · Online password reset A guide to Internet banking Navigation to online password reset Click on ‘Forgot password’

PASSWORDPop QuizPop Quiz! PASSWORD Pop QuizPop Quiz! · 2016. 3. 22. · “PASSWORD” 7 PASSWORD Pop QuizPop Quiz! PASSWORD Pop QuizPop Quiz! PASSWORD Pop QuizPop Quiz! PASSWORD

Welcome Packet · for creating a strong password: Password Guidelines from Google If you forget your personal password, please contact it@efba to reset your account. EFBA teachers

Recurrent GANs Password Cracker For IoT Password Security

My password is password

Guidelines of Implementation EDIFACT-SUBSET EDITEC ... · This task is being fulfilled by the converter. S005 K REFERENCE/PASSWORD OF THE RECIPIENT 0022 M an..14 Reference or Password

Credit Linked Capital Subsidy Scheme Guidelines …cluster.dcmsme.gov.in/Manual/Clcss_CO_Guidelines.pdf2 1. Work Flow of Circle Office User Login Home Page Start Forgot Password Password

Administrator's Guide - ET-16500/L1455 · 8. Enter a password for the user in the Password field following the guidelines on the screen. Note: If you need to reset a password, leave

Forcepoint Endpoint Solutions Upgrade Guide€¦ · Guidelines for creating an anti-tampering password . . . . . . . . . . . . . . . . . . . . . . .2 ... Security with the Web Cloud

Skype brand guidelines - Download Skype · PDF fileIf you have a spine, visit our complete brand guidelines at skype.com/go/brand Username: skype Password: br4nd

ID Password FUND PASSWORD作成・登録kasooutsuuka.up.seesaa.net/image/EUNEX2019.03.20.pdf · Login Password Login Password Fund Password Password for withdrawing and trading assets

Guidelines for Using Technology off Campus Contents · Password Management All AACC students, faculty and staff use the Password Management tool to update their password and manag

SysInfoTools Access Password Recovery · SysInfoTools Access Password Recovery 2 1. SysInfoTools Access Password Recovery User's Guide SysInfoTools MS Access Password Recovery Version

Password Reset Feature - Kingston Technologymedia.kingston.com/support/ironkey/ES/v61/Password_Reset_QSG.pdf · PASSWORD RESET QUICK START GUIDE PAGE 4 About Password Reset The Password

Username Password Enter Username and Password Login

Password Tips · Suggested Password Strategy Create strong, memorable passphrases for your key passwords. 1. Password manager program’s master password. 2. Computer login password

SimonTech Student password cards€¦UserName(/(diana.alvarez((Password/(42qbg2((((Jose&Amaya& (Ninth)((UserName(/(jose.amaya((Password/(2s746s(

A. Guidelines for Creating username (userid) and Password Step1: … · 2020. 9. 11. · Step 17: You will receive ^Password by SMS on the registered mobile number/ email. In case

Password Help - Rowley Servicesrowleyservices.com/Support/RowleyServices-Password-and-Tutorials... · Password Help Make your password at least 10 characters long. ... Recovery Phone:

18-19 Fellowship Guidelines-DRAFTREV031918 · Fellowship Guidelines Your UT EID Fellowship Acceptance Materials ... Please make note of your UT EID and password for your use during