Password Composition
- Be at least 8 characters long.
- Contain characters from the following character classes:
- Upper case alphabetic (e.g. A-Z)
- Lower case alphabetic (e.g. a-z)
- Numeric (e.g. 0-9)
- Special characters (e.g. .,!@#$%~)
Password Hygiene
- Passwords shall not be based on dictionaries, common names or actual words.
- Passwords shall not be composed of words, numbers, or known public information (e.g. ID/Social Security numbers; names, family names, pet names; birthdays, phone numbers, addresses, etc.).
- Passwords shall not contain the user's login name (username), or any variation of it, either as the whole password or as part of it.
- Passwords are best composed as a passphrase: a short phrase or sentence that is meaningful to you but difficult for others to guess. It is recommended that you include special characters, numbers and spaces.
- Passwords should not be reused either from previous passwords or across different systems.
- Passwords should be changed periodically.
- Every user account must be protected by a password.
- Default or blank passwords on new systems and services must be identified and reset immediately upon installation of the affected application, service, device, or operating system.
- A password should never be sent by email, stored unencrypted, or written down.
- Users shall not attempt to decrypt, crack or “hack” passwords without the explicit permission of Andela IT.
- All passwords are to be treated as confidential sensitive information. Do not share your password with anyone.
- If a password is suspected to be compromised, it must be changed immediately and the incident reported to Andela IT without delay.
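The composition and hygiene rules above are the kind of thing a registration or password-change endpoint should enforce, not merely document. The checker below is an added example, not Andela's own tooling: it implements the length and character-class rules, rejects passwords containing the login name or simple variations of it (reversed, split on separators, common letter-for-symbol substitutions undone), and screens against a deny-list of common words and against known personal data supplied by the caller. The deny-list, the substitution table and the sample inputs are constructed for the example; a real deployment would load a large breached-password corpus in place of `COMMON_WORDS`.

```python
"""Password policy checker (added example; not Andela's code).

Enforces the composition and hygiene rules of this policy:
  * at least MIN_LENGTH characters and all four character classes
  * no login name, or variation of it, anywhere in the password
  * not based on a dictionary word / common password
  * no known personal information (names, dates, phone numbers)
"""
import re

MIN_LENGTH = 8

# Constructed, illustrative deny-list. Replace with a large breached-password
# list in production; this only demonstrates the check.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "andela", "summer"}

CLASS_PATTERNS = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),  # punctuation, symbols, spaces
}

# Common "leet" substitutions, undone so 'P@ssw0rd' is compared as 'password'.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def _normalise(text):
    """Lower-case and undo letter-for-symbol substitutions."""
    return text.lower().translate(LEET)


def _username_variants(username):
    """The login name, its reverse, and each separator-delimited part (>= 3 chars)."""
    base = _normalise(username)
    variants = {base, base[::-1]}
    for part in re.split(r"[._\-@ ]+", base):
        variants.add(part)
        variants.add(part[::-1])
    return {v for v in variants if len(v) >= 3}


def check_password(password, username, personal_info=()):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = [name for name, pat in CLASS_PATTERNS.items() if not pat.search(password)]
    if missing:
        problems.append("missing character class(es): " + ", ".join(missing))

    norm = _normalise(password)
    letters_only = re.sub(r"[^a-z]", "", norm)

    if any(v in norm for v in _username_variants(username)):
        problems.append("contains the login name or a variation of it")

    if letters_only in COMMON_WORDS or any(w in norm for w in COMMON_WORDS if len(w) >= 6):
        problems.append("based on a dictionary word or common password")

    for item in personal_info:
        # Match name-like tokens after normalisation, and digit runs (dates,
        # phone numbers, ID numbers) against the raw password.
        tokens = [t for t in re.split(r"\s+", str(item).lower()) if len(t) >= 3]
        digits = re.sub(r"\D", "", str(item))
        if any(t in norm for t in tokens) or (len(digits) >= 4 and digits in password):
            problems.append(f"contains known personal information ({item})")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["P@ssw0rd", "Jane.Doe2024!", "Correct Horse Battery 7!"]:
        print(repr(pw), "->", check_password(pw, "jane.doe", ["Jane Doe", "1990-04-12"]) or "OK")
```

The normalisation step matters more than the character-class test: without it, "P@ssw0rd" satisfies every composition rule while still being one of the first guesses any cracking tool makes. The digit-run check is deliberately applied to the raw password, since substitutions only obscure letters.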
Password Storage
- Passwords shall never be stored in plaintext or in reversibly encrypted form. Systems that authenticate users shall store only a salted hash produced by an approved, deliberately slow password hashing function, with a unique random salt per password. The algorithms and cost parameters used must conform to the Andela Cryptography Standard and Guidelines.
- Users must not store passwords in plaintext locations, e.g. notebooks or documents, whether electronic or physical.
- Use of a strong, well-designed password manager/vault for official passwords is strongly encouraged. Consult the Andela IT team on which password manager is advisable for use.
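Hashing rather than encrypting is the point of the storage rule: an attacker who obtains the database should have to guess each password, not recover it with a key. The example below is added here and is not Andela's code, nor a statement of what the Andela Cryptography Standard prescribes; it uses scrypt from the Python standard library (`hashlib.scrypt`) with a random per-password salt, stores the cost parameters alongside the hash so they can be raised later, verifies with a constant-time comparison, and flags records that need rehashing under newer parameters. The cost parameters and the record format are assumptions chosen for the example.

```python
"""Salted, slow password hashing with scrypt (added example; not Andela's code).

Record format (an assumption for this example):
    $scrypt$<n>$<r>$<p>$<base64 salt>$<base64 hash>
Storing the parameters with the hash lets a deployment raise them over time
and rehash a user's password on their next successful login.
"""
import base64
import hashlib
import hmac
import secrets

# scrypt cost: n is CPU/memory cost (power of two), r block size, p parallelism.
# 2**14 / 8 / 1 is a modest interactive setting (16 MiB); raise n as hardware allows.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_BYTES = 16
HASH_BYTES = 32


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def hash_password(password, salt=None):
    """Return a storable record for `password`. The password itself is never stored."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=HASH_BYTES)
    return "$".join(["", "scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
                     _b64(salt), _b64(digest)])


def verify_password(password, record):
    """Recompute the hash with the parameters in `record`; compare in constant time."""
    try:
        _, algo, n, r, p, salt_b64, digest_b64 = record.split("$")
        if algo != "scrypt":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                                   n=int(n), r=int(r), p=int(p), dklen=len(expected))
    except ValueError:
        return False  # malformed record: treat as a failed login, never as a match
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record):
    """True when the record uses a different algorithm or weaker parameters than current policy."""
    try:
        _, algo, n, r, p, *_ = record.split("$")
    except ValueError:
        return True
    if algo != "scrypt":
        return True
    return any(int(have) < want for have, want in
               zip((n, r, p), (SCRYPT_N, SCRYPT_R, SCRYPT_P)))


if __name__ == "__main__":
    rec = hash_password("Correct Horse Battery 7!")  # constructed sample
    print(rec)
    print("correct password verifies:", verify_password("Correct Horse Battery 7!", rec))
    print("wrong password verifies:  ", verify_password("correct horse battery 7!", rec))
    print("needs rehash:", needs_rehash(rec))
```

On login, the flow is: look up the record, call `verify_password`, and, only after success, call `needs_rehash` and replace the record with a fresh `hash_password` result if it returns true. That is the only moment the plaintext is available to upgrade the hash.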
Multi-Factor Authentication
- To further protect against unauthorized access, multi-factor (2-step) authentication shall be enabled on every system and service that supports it.