[Draft]Password Policy

This is Agile Six's password policy, which we believe will fit with the company culture and continue to provide Agile Six security and flexibility while minimizing and mitigating risk. We have determined the best password policy to fit the culture of Agile Six based on an assessment of users in our current workspaces. It is everyone's responsibility and duty as Sixers to ensure they are protecting the assets they are physically working on and the systems they are connecting to. Passwords serve as a deterrent to threats attempting to gain access to our systems. The more complex a password is, the more difficult it is to crack and the greater the deterrent to potential threats.

 

Moving forward, the responsibility for managing and changing passwords on corporate assets will reside with the individual Sixers who have received corporate assets. As outlined in the acceptable use policy (General Requirements 1st bullet, System Accounts bullets 1 and 2, Computing Assets 1st bullet), all Sixers must adhere to the Password Policy. We have transitioned from enforcement to trust and encourage our Sixers to review our policies or best practices with regard to ensuring the security of our company.

Here are the recommended guidelines based on various industry standards:

  1. Enforce Password History: '24'

    -This means that the user cannot use the same password within the last 24 hours.

  2. Maximum Password Age: '180 days' (6 months)

    -This is how long until a user must change their password.

  3. Alpha-numeric value enabled

    -The password must have at least 1 letter and 1 number.

  4. Password minimum length: '15'

    -The password must have a minimum length of 15 characters.

  5. Minimum number of complex characters excluding alpha-numeric: '1'

    -The password must have a minimum of 1 non-letter, non-number character (special character).

  6. Maximum autolock: '15 minutes'

    -This is how long until the computer will lock due to inactivity.

  7. Maximum grace period for computer lock: '15'

    -The period of inactivity before a password is required to unlock the computer (screensaver).

  8. Maximum number of failed attempts: '5'

    -The maximum number of times an incorrect password can be entered before the computer is locked out.

  9. Avoid using dictionary words and common phrases

    -Mix up the letters and numbers if writing out dictionary words or common phrases, e.g. P@s$w0rd1234!@#$

  10. Avoid using personal names, birthdays, or common knowledge as your password

    -Pet's name, parents' names, nicknames, etc.

 
