Password policy
1.0 Overview
All users that have access to the Vitae website must adhere to the password policies defined below in order to protect the security of the website, protect data integrity, and protect Vitae's computer systems.
2.0 Scope
This policy applies to any and all users who have any form of website account requiring a password.
3.0 Password Protection
- Never write passwords down.
- Never send a password through email.
- Never include a password in a non-encrypted stored document.
- Never tell anyone your password.
- Never reveal your password over the telephone.
- Never hint at the format of your password.
- Never reveal or hint at your password on a form on the internet.
- Report any suspician of your password being broken to Vitae's IT team.
- If anyone asks for your password, refer them to Vitae's IT team.
- Don't use common acronyms as part of your password.
- Don't use common words or reverse spelling of words in part of your password.
- Don't use names of people or places as part of your password.
- Don't use part of your login name in your password.
- Don't use parts of numbers easily remembered such as phone numbers, social security numbers, or street addresses.
- Be careful about letting someone see you type your password.
4.0 Password Requirements (subject to change)
- Minimum Length - 5 characters.
- Maximum Length - N/A.
- Minimum complexity - No dictionary words included.
- Passwords are case sensitive (login ID is not case sensitive).
- Passwords cannot contain certain symbols (=,-,+,*, :, .)
5.0 Choosing Passwords
Use password choosing tips as shown at http://www.comptechdoc.org/docs/ctdp/howtopass/ and be sure your passwords meet the minimum guidelines.