SST IT Security Awareness

Password Policies

The SST password policy includes the following rules:

  • Never share a computer account or let someone else use your account.
  • Never tell a password to anyone.
  • Never write down a password.
  • Never communicate a password by telephone, e-mail or instant messaging.
  • Be careful to log off before leaving a computer unattended.
  • Change passwords whenever there is suspicion they may have been compromised.
  • A password must not be a word found in the dictionary (in any language), whether spelled forwards or backwards, or a word preceded or followed by a digit (e.g., secret1, 1secret).
  • Be aware that automatic "password cracker" programs check for common symbol substitutions in words, such as "0" for "o" and "$" for "s". Simply substituting common symbols for letters in a dictionary word, e.g. "Pa$$w0rd" instead of "Password," might result in a guessable password even though it technically meets the above requirements.
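
The last two rules can be checked mechanically when a password is chosen. The following Python example is added here and is not SST's own code: the wordlist is a constructed sample, and the substitution table beyond "0" for "o" and "$" for "s" is an assumption. It goes slightly beyond the policy text by stripping any run of leading or trailing digits, not just a single digit.

```python
# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "secret", "dragon", "welcome"}

# Symbol-for-letter substitutions to undo. The policy names "0" for "o" and
# "$" for "s"; the remaining entries are assumed common substitutions.
SUBSTITUTIONS = str.maketrans({"0": "o", "$": "s", "@": "a", "3": "e", "1": "i"})


def candidates(password):
    """Return the simplified forms of a password that the policy rules cover."""
    base = password.lower()
    # Rule: a word preceded or followed by a digit (secret1, 1secret).
    stripped = base.strip("0123456789")
    forms = {base, stripped}
    # Rule: common symbol substitutions (Pa$$w0rd -> password).
    forms |= {form.translate(SUBSTITUTIONS) for form in forms}
    # Rule: dictionary words spelled backwards.
    forms |= {form[::-1] for form in forms}
    return forms


def policy_violation(password, wordlist=SAMPLE_WORDS):
    """Return the dictionary word the password reduces to, or None.

    None only means no match against this wordlist, not that the
    password is strong.
    """
    hits = sorted(candidates(password) & set(wordlist))
    return hits[0] if hits else None


if __name__ == "__main__":
    # Constructed sample passwords covering each rule.
    for sample in ["secret1", "1secret", "terces", "Pa$$w0rd", "vK9#tq2LmX"]:
        word = policy_violation(sample)
        verdict = f"rejected (reduces to '{word}')" if word else "no dictionary match"
        print(f"{sample!r}: {verdict}")
```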