All user and admin passwords must be at least  characters in length. Longer passwords and passphrases are strongly encouraged.
Where possible, password dictionaries should be utilized to prevent the use of common and easily cracked passwords.
Passwords must be completely unique, and not used for any other system, application, or personal account.
User passwords must be changed every  months. Previously used passwords may not be reused.
If the user will not change their password within 3 months then the password will expire.
Passwords must not be shared with anyone (including coworkers and supervisors), and must not be revealed or sent electronically.
Passwords shall not be written down or physically stored anywhere in the office.
When configuring password “hints,” do not hint at the format of your password (e.g., “zip + middle name”)
User IDs and passwords must not be stored in an unencrypted format.
User IDs and passwords must not be scripted to enable automatic login.
“Remember Password” feature on websites and applications should not be used.
Regularly Change Your Password¶
The longer you stick to a single password, the higher the chance it will be compromised. Regularly changing your password will throw off all but the most determined cybercriminals. This measure is especially useful to protect your most sensitive data, such as your myaccount services. Just make sure to change your password to one that is just as strong as previous one.
Manage your Password¶
How to change you password ?¶
If customer want to change his account password then he can follow below steps.
Click on ‘Security’ section in the ‘Setting’ section then click on ‘Change Password’ tab.
Then customers get a mail which contains a link regarding the password change. When a customer clicks on that link then the “Change Password” window will be open. After filling the new password in the field then click on the “Reset” button.
After clicking on Reset button Password has been changed successfully is shown on the window and link is provided for the login.
When a user will not change his password within 3 months then the password will expire and when he tries to login then the following window will appear. Then the user has to enter new password and click on the “Reset Password” button.