צור קשר
03-6440016

Password Policy – מדיניות סיסמאות חזקות

RFC-27001

Password Policy:
Length:
  • at least 10 characters
Mixed case:
  • at least 1 upper case character.
Digits:
  • at least 1 digit
Special characters:
  • at least 1 special character e.g., 0-9, !@#$%^&*()_+|~- =\`{}[]:”;'<>?,./)
Password Privacy:
  • Users should not comply with a demand to share a password. Never share a password with anyone,
  • including Information Technology Services (ITS) staff. Should issues arise that require Information
  • Technology Services to access an account, the password will be reset with the knowledge of the
  • user. After issues are resolved, the user will be requested to reset the password.
Password Reset Frequency:
  • passwords will be configured to force a change on a 120 day cycle
Password Protection Standards:
  •  Passwords should not be inserted into email messages or other forms of electronic communication.
  •  Passwords should not form a word in any language, slang, dialect, or jargon.
  •  Passwords should not include personal information including family names, birthdates, addresses, SSNs, etc.
  •  Do not use the same password for accounts as for other access f. Do not construct passwords that contain a word/phrase in any language, slang, dialect, jargon, etc. or be based on personal information, names of family, birthdates, etc.
  •  Construct and use strong passwords.
  •  Do not write down passwords or store passwords online.
  •  Do not talk about any passwords in front of others.
  •  Do not share your format for constructing a password (e.g., “my family name”)
  •  Do not reveal a password on questionnaires or security forms.
  •  Do not share a password with family members.
  •  Do not reveal a password to co-workers while on vacation.
  •  Do not use the “Remember Password” feature of applications (e.g. web browsers, etc.) that remember your password when the username is entered.
  •  Do not store passwords in a file on ANY computer system including mobile devices without encryption.