The URL can be used to link to this page

Home My WebLink AboutN-801 - Computer Network PasswordsCITY OF PASCO ADMINISTRATIVE ORDERS Administrative Order No. 801 1 Information Services Subject: Computer and Network Passwords Initial Effective Date:December 1, 2010 Revised Approved I. PURPOSE: To establish guidelines for creation and use of strong passwords to protect the city's electronic data and systems. II. DEPARTMENTS AFFECTED: All III. REFERENCES: IV. DEFINITIONS: Strong Password: A password that is difficult to detect by both humans and computer programs, effectively protecting data from unauthorized access. V. POLICY: All computer and network users' accounts will be secured with a strong password that is changed on a regular reoccurring timeline. Users must also protect passwords from anyone else. Password Creation: A strong password will meet the minimum requirements listed below. As technology and threats to security change, these minimums will change. These requirements will be enforced by Information Services through the use of available server management technology. ■ Minimum of eight characters in length. ■ Not the same as user ID. ■ Must change within a maximum of 90 days. ■ Prohibit the reuse of the last ten passwords. ■ Account Lockout Threshold — 3 failed attempts. ■ Account Lockout Duration — must be unlocked by Information Services via request by user. 2. Password Protection: Employees must prevent the misuse of their passwords by any other individual. This can be accomplished by the following suggestions: ■ Never send a password through email. ■ Never include a password in a non -encrypted stored document. ■ Never reveal your password over the telephone. ■ Never hint at the format of your password. ■ Never reveal or hint at your password on a form on the internet. ■ Never use your corporate or network password on an account over the internet which does not have a secure login where the web browser address starts with https:// rather than http://. ■ Report any suspicion of your password being broken, to Information Services. ■ Do not use names of people or places as part of your password. ■ Do not use parts of numbers easily remembered such as phone numbers, social security numbers, or street addresses. ■ Be careful about letting someone see you type your password. 3. Choosing Passwords: The following suggestions will help users to create easy -to -remember passwords that meet these typical password requirements, at least eight characters long and with at least three of the following character types, upper-case letters, lower-case letters, numbers, and special characters. ■ Substitute numbers for letters and vice versa. (o instead of 0, 4 instead of A, 1 instead of L, E instead of 3). ■ Substitute words for numbers (one, two, three...). ■ Combine both of the above (One, thr33, fl ve). ■ Use capitalization in random places (bLue, happY). ■ Use special characters (!@#$%^&*()11[1 ) to punctuate and separate words. ■ Create passwords out of words, numbers or phrases you'll remember. ■ Misspell words. 4. Examples of converting memorable information into a complex password: ■ Friday becomes: frYdaay! ■ Robert becomes #robERt# Approved: ■ 867-5309 becomes 8siX753o9 ■ 19 Peach Place becomes: One9peacHpl! ■ I love Jill becomes: eYelov3Jill ■ My dog Fritz becomes: MeyedogfrltZ Gary Crutchfield, 0taager Date Administrative Order 801 Computer and Network Passwords — Page 2