8.9 Security
8.9.2 The use of standard password practices and procedures as a good practice to ensure network security
In both share-level and user-level security models, passwords are given to the user for access to the network or to specific data. Passwords should always be kept secure and never written down where unauthorized users might stumble upon them.

Passwords should not be:

  • The logon name, first name, or last name of the user, or any of these names reversed.
  • A familiar name, a spouse, child, pet, or relative.
  • Easily attainable information, such as personal information.
  • A word found in any language dictionary.
  • A combination of letters and numbers.
  • A group of single digits or letters. For instance: AAAAA or 11111.

Passwords should:

  • Be between six and eight characters in length.
  • Include non-alphanumeric characters.
  • Be set to expire periodically, ideally once every 30 days.
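
The rules listed above can be enforced when a password is set. The following check is an added example, not part of the original notes. The function names, the sample account, and the word lists are hypothetical, and the "letters and numbers" rule is read here as "made up only of letters and digits".

```python
from datetime import date, timedelta

MIN_LEN, MAX_LEN = 6, 8            # length range given in the list above
MAX_AGE = timedelta(days=30)       # expiry interval given in the list above


def policy_violations(password, logon, first, last,
                      personal_terms=(), dictionary=()):
    """Return the rules from the list above that `password` breaks."""
    pw = password.casefold()       # compare case-insensitively
    problems = []
    names = [n.casefold() for n in (logon, first, last) if n]
    if any(pw in (n, n[::-1]) for n in names):
        problems.append("user name or reversed name")
    if pw in {t.casefold() for t in personal_terms}:
        problems.append("familiar name or personal information")
    if pw in {w.casefold() for w in dictionary}:
        problems.append("dictionary word")
    if len(set(pw)) == 1:          # e.g. AAAAA or 11111
        problems.append("single repeated character")
    if password.isalnum():         # assumption: letters and digits only
        problems.append("letters and numbers only")
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length outside 6-8")
    return problems


def is_expired(last_changed, today):
    """True once the password is older than the 30-day interval."""
    return today - last_changed > MAX_AGE


if __name__ == "__main__":
    # Constructed sample account and candidate passwords.
    for candidate in ("AAAAA", "htimsj", "Rex", "tr!7k#Q"):
        print(candidate, policy_violations(
            candidate, "jsmith", "John", "Smith",
            personal_terms=["Rex"], dictionary=["password"]))
    print(is_expired(date(2024, 1, 1), date(2024, 2, 1)))
```
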