The purpose of this Password Policy for Corporate Managed Devices is to establish secure and consistent guidelines for password management on all corporate managed devices.
This policy is designed to protect sensitive and confidential information from unauthorized access and to ensure the security of the company's information technology infrastructure. The policy sets standards for password length, complexity, frequency of change, and prohibited information, as well as providing guidance for multi-factor authentication, password management, and employee training. The policy's aim is to reduce the risk of security breaches and maintain the confidentiality, integrity, and availability of company information.
Password Policy for Corporate Managed Devices:
-
Length: Passwords must be at least 12 characters long.
-
Complexity: Passwords must contain a combination of uppercase and lowercase letters, numbers, and special characters.
-
Change Frequency: Passwords must be changed every 90 days.
-
History: Passwords cannot be reused for at least 12 changes.
-
Personal Information: Passwords cannot contain personal information such as full name, address, phone number, or date of birth.
-
Dictionary Words: Passwords cannot contain commonly used words found in dictionaries or lists of commonly used passwords.
-
Multi-Factor Authentication: Multi-factor authentication must be enabled for all corporate managed devices.
-
Passphrase: Passphrases are encouraged over traditional passwords.
-
Confidentiality: Passwords must be kept confidential and should not be shared with others.
-
Password Management: A password manager is highly recommended to securely store passwords.
-
Reporting: Employees must report any suspected or known security breaches or unauthorized access to the IT department immediately.
-
Training: Employees will receive periodic training on password security and best practices.
This password policy will be reviewed annually and updated as necessary to ensure the protection of company information and assets.