Password Policy

Good passwords are critical to information security. Lack of thought in creating password policies increases the chances of unauthorized access or compromised data.

Creating a strong password policy is key to helping users safeguard these critical systems they rely on every day. While additional complexity can seem like an inconvenience to many users, it shouldn’t prevent a strong password policy from being implemented in your organization

The purpose of this policy is to establish a standard for the creation of strong passwords, the protection of those passwords, and the frequency of change.

For safeguarding the information of the Organization, users have to follow the following requirements for setting the password.

Guideline

Details

Validation

Content of Password

Password should have at least 1 character from each of the 4 groups

Minimum Length: 8 Characters Maximum Length: 30 Characters

Characters should have the following.

Lower-case Latin characters (a-z).
Upper-case Latin character (A-Z)
Base 10 digits (0-9)
At least 1 Non-alphabetic characters (!@#$%)

Maximum password age

Shows the maximum lifetime of a password before it has to be changed.

90 Days

User needs to change the password in 90 days

Maximum Failed Logon Attempts

Maximum number of failed attempts to login, after which user login will be blocked & requires administrator's help to unlock.

5 times in a row

If exceeded these attempts - the user login will be blocked

How to avoid : User needs to Reset password.

How to : Click on Reset password

& an Email link will be sent to reset password from Cathy

Reset Password Link

email validity for reset password link, either Maximum failed logon attempts.

1 Hour

Password History

New Password can't be same as that of last passwords.

Last 5 Passwords

Reset Password

Frequency

User will not be able to update password within 24 hours of last password change.

If User tries to change within 24 hours, the system will show error message.

"Please contact your workspace admin if you need help."

Admin will be able to click on reset password option in workspace users, if required.

Reset Passwords

Expiry Reminder

Passwords need to be changed before the expiry.

Reminder / Email notification shall be sent to users asking them to reset passwords before expiry.

Email notification shall be sent as below.

Reminder 1: 15 days prior to expiry
Reminder 2: 3 days prior to expiry
Reminder 3: 1 day prior to expiry
Reminder 4: when the password has expired-"please reset your password before you login next time."

PreviousGeneral NextMulti Language Localization

Last updated 2 years ago