Password Policy


This policy has been created to detail how Havenstar clients should use passwords when accessing data held on systems provided by Havenstar.


Passwords are an important aspect of computer security. A poorly chosen password may result in unauthorised access and/or exploitation of the resources of both Havenstar and clients.


Strong passwords that follow the complexity guidance below should be used, and multi-factor authentication (MFA) should be used where available, to prevent brute-force attacks. The same password must not be used for multiple accounts. Passwords must not be written down. Passwords should be changed at 4-month intervals.


Password Complexity

All passwords should meet or exceed the following guidelines:


· Contain at least eight alphanumeric characters.
· Contain both upper-case and lower-case letters.
· Contain at least one number (for example, 0-9).
· Contain at least one special character (for example, !$%^&*()_+|~-=\`{}[]:";'<>?,/).


A passphrase is used in the same way as a password; however, it is relatively long and constructed of multiple words, which provides greater security against dictionary attacks. Strong passphrases should follow the general password construction guidelines and include upper-case and lower-case letters, numbers, and special characters (for example, The%$%#TrafficOnThe401Wasb#!ThisMorning!).