Skip to main content

Password Policy

Password Creation

  • All user and admin passwords must be at least [16] characters in length. Longer passwords and passphrases are strongly encouraged.
  • Where possible, password dictionaries should be utilized to prevent the use of common and easily cracked passwords.
  • Passwords must be completely unique, and not used for any other system, application, or personal account.

Password Aging

  • User passwords must be changed every [3] months. Previously used passwords may not be reused.
  • If the user will not change their password within 3 months then the password will expire.

Password Protection

  • Passwords must not be shared with anyone (including coworkers and supervisors), and must not be revealed or sent electronically.
  • Passwords shall not be written down or physically stored anywhere in the office.
  • When configuring password “hints,” do not hint at the format of your password (e.g., “zip + middle name”)
  • User IDs and passwords must not be stored in an unencrypted format.
  • User IDs and passwords must not be scripted to enable automatic login.
  • “Remember Password” feature on websites and applications should not be used.

Regularly Change Your Password

The longer you stick to a single password, the higher the chance it will be compromised. Regularly changing your password will throw off all but the most determined cybercriminals.
This measure is especially useful to protect your most sensitive data, such as your myaccount services. Just make sure to change your password to one that is just as strong as previous one.

Manage your Password

How to change your password?

If the customer wants to change their account password, they can follow the below steps.

Click on ‘Security’ section in the ‘Setting’ section then click on ‘Change Password’ tab.

changepassword1

Then customers get a mail which contains a link regarding the password change. When a customer clicks on that link then the “Change Password” window will be open. After filling the new password in the field then click on the “Reset” button.

changepassword2

After clicking on Reset button, "Password has been changed successfully" is shown on the window and a link is provided for the login.

changepassword3

When a user does not change their password within 3 months, then the password will expire and when they try to login, the following window will appear. The user has to enter a new password and click on the “Reset Password” button.

resetpassword