This policy has been created to detail how Havenstar clients should use passwords when accessing data held on systems provided by Havenstar.
Passwords are an important aspect of computer security. A poorly chosen password may result in unauthorised access and/or exploitation of the resources of both Havenstar and clients.
Strong passwords following the complexity guidance should be used and MFA used where available to prevent brute force attacks. The same password must not be used for multiple accounts. Passwords must not be written down. Passwords should be changed at 4-month intervals.
All passwords should meet or exceed the following guidelines:
· Contain at least twelve alphanumeric characters.
· Contain both upper-case and lower-case letters.
· Contain at least one number (for example, 0-9).
· Contain at least one special character (for example, !$%^&*()_+|~-=\`{}[]:";'<>?,/).
A passphrase is like a password in use; however, it is
relatively long and constructed of multiple words, which provides greater
security against dictionary attacks. Strong passphrases should follow the
general password construction guidelines to include upper and lowercase
letters, numbers, and special characters (for example The%$%#TrafficOnThe401Wasb#!ThisMorning!).