Reference: Password Strength Policy
1. Should be at least 7 characters in length.
2. Should contain both alphabetic and numeric characters (e.g. a-z, A-Z, 0-9).
3. Should contain at least one non-alphanumeric character (underscore).
4. Do not reuse any of the previous four passwords.
5. Do not use common words that can be found in a any standard dictionary.
6. Do not use common dictionary words prepended or appended with numbers.
7. Do not use personal identifiable information (e.g. user id, family name, birthday, etc.) As a General Rule1. You should avoid writing down your password. Use a reputable password manager to store your passwords securely instead of writing down or storing passwords insecurely.
2. You should change your password periodically. You are required to change your initial password upon first-use and to change your password every 90 days (if not enforced).
3. Consider using a passphrase instead of a password. Passphrases typically have additional benefits such as being longer, more complex and easier to remember.
4. Using the same password for multiple accounts can simplify access and administration. However, the compromise of a single account can potentially result in the compromise of multiple accounts.
5. Do not share your user account passwords with anyone for any reason. Passwords should not be shared even for the purpose of technical support.
6. Do not use automatic log-in functionality "Remember Password".
Examples of 'weak' passwords
• Words with numbers appended (e.g. password1)
• Words with a simple modification (e.g. p@ssw0rd)
• Repetitive words (e.g. crabcrab)
• Common sequences or repeated characters (e.g. qwerty, abcdefg, 111111)
• Numeric sequences based on well known numbers (e.g. 314159... (pi) ).
• Words spelled backwards, common misspellings, or abbreviations
• Anything personally related to you (e.g. date or birth, current or past telephone number, address etc.)
Some useful online resoures on how to create 'strong' passwords
Customer Account Information
1. Upon account creation, you will be required to set a password for your account. When a password is reset, using the "Forgot Password" link on the login page, confirmation email will automatically be sent to the owner of the account. This provides you with confirmation that the change or reset was successful and also alerts you in the event that your password was unknowingly reset.
2. The support desk will contact you if alerted to multiple failed login attempts. If notified of such events, you will be required to reset your password using the "Forgot Password" link on the login page.
3. Idle authenticated sessions will be de-authenticated after 30 minutes of inactivity. You will be required to re-authenticate to continue with your session or a new session will be created.
4. All user activity will be monitored and logged.
1. If you cannot remember your password, you can use the "Forgot Password" link on the login page or contact the support desk to assist you.
2. In the event of inadvertent password disclosure, immediately request a password reset using the "Forgot Password" link on the login page.
3. In the event of a suspected account compromise, immediately request a password reset using the "Forgot Password" link on the login page and inform the support desk.