Passwords are a critical component of information security. Passwords serve to protect user accounts; however, a poorly constructed password may result in the compromise of individual systems, data, or network. This guideline provides best practices for creating secure passwords.
The purpose of this guidelines is to provide best practices for the created of strong passwords.
This guideline applies to employees, contractors, consultants, temporary and other workers, including all personnel affiliated with third parties. This guideline applies to all passwords including but not limited to user-level accounts, system-level accounts, web accounts, e-mail accounts, screen saver protection, voicemail, and local router logins.
Strong passwords are long, the more characters you have the stronger the password. We recommend a minimum of 24 characters in your password (unless otherwise limited by the application the password is for). Poor, or weak, passwords have the following characteristics:
- Contain eight characters or less.
- Contain personal information such as birthdates, addresses, phone numbers, or names of family members, pets, friends, and fantasy characters.
- Contain number patterns such as aaabbb, qwerty, zyxwvuts, or 123321.
- Are some version of "Welcome123" "Password123" "Changeme123"
In addition, every work account should have a different, unique password. To enable users to maintain multiple passwords, we highly encourage the use of the 1Password password management software that is authorized and provided by monetr LLC to all staff. Whenever possible, also enable the use of multifactor authentication.
The InfoSec team will verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.
Any exceptions to the policy must be approved by the InfoSec team in advance.
An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.