QCHA Logon Password Policy
QCHA ICT maintain a password policy that requires you to change your domain password regularly to help secure your own access and help protect our network against opportunistic external attack.
Password Complexity Requirements
The password complexity requirements are as follows:
- The password must be a minimum of 8 characters in length
- The password must contain characters from any 3 of the following 4 categories:
  - Uppercase letters (e.g. ABCD)
  - Lowercase letters (e.g. abcd)
  - Numbers (e.g. 1234)
  - Symbols (e.g. :@~"£$%^)
- The password cannot contain any portion of the username
- The password cannot be any of the previous 6 passwords (password history is enforced)
- The password must be changed every 42 days
Password Guidance
- Pick a secure password that you will remember and that would be hard to obtain through a "Dictionary Attack" (testing common words or names as passwords). Perhaps use an acronym of a phrase or line from a book, e.g. "Ullman stood five-five, and when he moved" would become "Usffawhm", then add a recognisable number and/or symbol.
- Try to avoid using guessable (or otherwise potentially learnable) attributes, e.g. children's names, pets, ages, dates of birth, favourite teams etc.
- DO NOT write down your password in any physical form. If your password is discovered by someone else, they could potentially gain access to privileged content.
- DO NOT share your password with other users (no exceptions; any new access requirements should be raised with ICT on the helpdesk).
- DO NOT use the same password for everything (corporate or otherwise). In the event of any password breach, any other accounts using the same password would potentially be vulnerable.
- Not all systems require the password to be changed on the same 42-day schedule as your computer logon. Consider changing these too.