Password Policy

Article author
Oluwatosin Adegbaju

Password Composition

  1. Be at least 8 characters long. 
  2. Contain characters from the following character classes:
    1. Upper case alphabetic (e.g. A-Z)
    2. Lower case alphabetic (e.g. a-z)
    3. Numeric (e.g. 0-9)
    4. Special characters (e.g. .,!@#$%~)


Password Hygiene

  1. Passwords shall not be based on dictionaries, common names or actual words.
  2. Passwords shall not be composed of words, numbers, or known public information (e.g. ID/Social Security numbers; Names, family names, pet names; birthdays, phone numbers, addresses, etc.).
  3. Passwords shall not contain the user’s login name (user name), or any variation of it, either as the whole password or as part of it.
  4. Passwords are best composed as a passphrase. A passphrase is a short phrase or sentence that is meaningful to you but difficult to guess. It is recommended that you include special characters, numbers & spaces.
  5. Passwords should not be reused, whether from previous passwords or across different systems.
  6. Passwords should be changed periodically.
  7. Every user account must be protected by a password.
  8. Default and/or blank passwords on new systems and services should be immediately identified and reset upon the installation of the affected application, service, device, or operating system.
  9. A password should never be transmitted in emails, stored unencrypted, or written down.
  10. Users shall not attempt to decrypt, crack or “hack” passwords without the explicit permission of Andela IT.
  11. All passwords are to be treated as confidential sensitive information. Do not share your password with anyone.
  12. If a password is suspected to be compromised, it must be changed immediately and Andela IT must be informed of the incident immediately.


Password Storage

  1. Passwords shall always be stored encrypted while at rest. The encryption algorithms and configurations used must conform to the Andela Cryptography Standard and Guidelines.
  2. Users must not store passwords in plain-text locations (e.g. notebooks or documents), whether electronic or physical.
  3. It is highly encouraged to use a strong and well-designed password manager/vault to store passwords for official use. Consult the Andela IT team on which password manager is advisable for use.


Multi-Factor Authentication

  1. To further protect against unauthorized access, Multi-Factor/2-Step authentication shall be enabled where available.
