Employee Password Policy

Employee Password Policy



Secure passwords are an essential aspect of IT security. A simple or insecure password can lead to a breach of the company’s data. As such, all employees and contractors who have access to the company’s systems are responsible for taking the below steps to secure their passwords.


  1. Password Creation
    1. All passwords should have the following characteristics
      1. Contain at least 8 characters
      2. Contain both upper and lower case letters
      3. Contain at least one special character (e.g. !@#$%^&*<>?:”)
      4. Contain at least one number (for example, 0-9)
    2. Poor or weak passwords contain
      1. Less than 8 characters
      2. Can be found in the dictionary
      3. Contain personal information such as pets or children’s names
      4. Contain common words spelt backwards or preceded or followed by a number (for example, 1secret)
      5. Are some version of “Welcome123” “Password123” or “Changeme123”
    3. Users should not use the same passwords for <Company Name> accounts as for non-<Company Name> access
  2. Password Change
    1. All user and systems passwords should be changed at least every 3 months
  3. Password Protection
    1. Passwords should be memorable to users as passwords should never be written down
    2. Passwords should not be shared with anyone. They should be treated as confidential data of <Company Name>
    3. Don’t use “Remember Password” functions of applications (for example, web browser)
    4. Any user who suspects their password may be compromised should report the incident and change all passwords