Do you have a strict password security policy?
Posted at 1/10/2019 5:53 PM by Christian Morford-Waite
We recommend enforcing strict password policies.
Below is a capture of the settings we use:

When passwords have to be changed, they must meet the following minimum requirements:
- Not contain all or part of the user's account name
- Be at least six characters in length
- Contain characters from three of the following four categories:
  - English uppercase characters (A through Z)
  - English lowercase characters (a through z)
  - Base 10 digits (0 through 9)
  - Non-alphanumeric characters (e.g., !, $, #, %)
Remember, it is always good to use an even number for password length ;) https://www.troyhunt.com/how-long-is-long-enough-minimum-password-lengths-by-the-worlds-top-sites/
Complexity requirements are enforced when passwords are changed or created.
Every 180 days clients will be required to change their password. They can change it when they:
- Log in to their computer
- Use Terminal Server to connect to another computer
- Connect via VPN
This allows users to change their password by making a VPN connection to the office.
We also enforce a lockout policy so if a user gets their password wrong 5 times, their account will be locked out for 15 minutes.
If you want to change your password sooner, press [Ctrl] [Alt] [Delete], then click the "Change Password" button.
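One way to check that a domain actually enforces the values listed in this rule, as an added example rather than a script from the original page. `Test-PasswordPolicy`, `$Baseline` and `$sample` are hypothetical names, the baseline numbers are the ones stated above, and a zero `MaxPasswordAge` is assumed to mean "never expires".

```powershell
# Added example: audit a domain password policy against the values in this rule.
# Test-PasswordPolicy, $Baseline and $sample are hypothetical names.
$Baseline = [ordered]@{
    ComplexityEnabled = $true                        # complexity rules listed above
    MinPasswordLength = 6                            # at least six characters
    MaxPasswordAge    = [TimeSpan]::FromDays(180)    # change every 180 days
    LockoutThreshold  = 5                            # lock after 5 wrong passwords
    LockoutDuration   = [TimeSpan]::FromMinutes(15)  # locked out for 15 minutes
}

function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Policy,
        [System.Collections.IDictionary] $Expected = $Baseline
    )
    process {
        foreach ($name in $Expected.Keys) {
            $actual = $Policy.$name
            $want   = $Expected[$name]
            $ok = switch ($name) {
                # A longer minimum length still satisfies the rule.
                'MinPasswordLength' { $actual -ge $want }
                # Assumption: a zero age means passwords never expire.
                'MaxPasswordAge'    { $actual -gt [TimeSpan]::Zero -and $actual -le $want }
                # A threshold of 0 disables lockout entirely.
                'LockoutThreshold'  { $actual -gt 0 -and $actual -le $want }
                # A longer lockout still satisfies the rule.
                'LockoutDuration'   { $actual -ge $want }
                default             { $actual -eq $want }
            }
            [pscustomobject]@{ Setting = $name; Expected = $want; Actual = $actual; Compliant = [bool]$ok }
        }
    }
}

# Constructed sample policy (not captured from a real domain).
$sample = [pscustomobject]@{
    ComplexityEnabled = $true
    MinPasswordLength = 6
    MaxPasswordAge    = [TimeSpan]::FromDays(42)
    LockoutThreshold  = 0
    LockoutDuration   = [TimeSpan]::FromMinutes(30)
}
$sample | Test-PasswordPolicy | Format-Table -AutoSize

# On a machine with the ActiveDirectory module, audit the live domain policy:
# Get-ADDefaultDomainPasswordPolicy | Test-PasswordPolicy | Format-Table -AutoSize
```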