Policy:
Passwords are an important part of computer security. They act as a front line of protection for user accounts. A poorly chosen password may result in the compromise of INSTs entire IT network. As such, all persons provided with access to INSTs systems are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.
Procedure:
All passwords (e.g., e-mail, account access, desktop/laptop computer must be changed every four months. The recommended change interval is every two months.
Passwords are not to be recorded anywhere, such as handwritten notes, e-mail messages, or any other form of electronic communication/documentation.
All user-level and system-level passwords must conform to the guidelines detailed below.
Guidelines:
Passwords are used for various purposes at INST. Everyone affiliated with INST should know how to select strong passwords.
Poor, weak passwords have the following characteristics:
The password contains less than eight characters
The password is a word found in a dictionary (English or foreign)
The password is a common usage word such as a proper name, birthdate, etc.
Strong passwords have the following characteristics:
Contain both uppercase and lowercase letters
Have digits and punctuation characters in addition to letters
Are not a word in any language, slang, jargon, etc.
Are not based on personal information, names of family, etc.
Compliance:
Persons found in violation of this policy will be subject to disciplinary action.