The Context:
- Passwords used to access the system must meet specific security criteria. These settings are enforced by the system globally. While the following are the minimum requirements to create a secure password, notes will be added to help ensure the strongest passwords are created.
The Data:
- Minimum Length: 8 characters. (Recommended length is 12–16 characters for stronger security; consider a tool like Bitwarden.)
- Case Sensitivity: Must include both uppercase and lowercase letters.
- Numeric Requirement: Must include at least one number.
- Special Character: Must include at least one special character (e.g., ^, *, }).
- History Count: Cannot reuse the last 6 passwords.
- Expiration: Passwords expire every 90 days (default).
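
A sketch of how the complexity and history rules above could be checked in code, added here as an example and not the system's own implementation. The special-character set (`string.punctuation`), the salted PBKDF2 history format and all function names are assumptions; the page does not say how the system stores password history.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8        # "Minimum Length: 8 characters"
HISTORY_COUNT = 6     # "Cannot reuse the last 6 passwords"
SPECIALS = set(string.punctuation)  # assumption: the page lists only examples


def _digest(password: str, salt: bytes) -> bytes:
    # Assumed storage format: salted PBKDF2-HMAC-SHA256, never the plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def make_history_entry(password: str) -> tuple[bytes, bytes]:
    """Return the (salt, digest) pair kept in an account's password history."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def check_password(candidate: str, history: list[tuple[bytes, bytes]]) -> list[str]:
    """Return the violated rules; an empty list means the password is accepted.

    `history` is ordered oldest to newest.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("length")
    if not (any(c.isupper() for c in candidate) and any(c.islower() for c in candidate)):
        problems.append("case")
    if not any(c.isdigit() for c in candidate):
        problems.append("digit")
    if not any(c in SPECIALS for c in candidate):
        problems.append("special")
    # Each entry has its own salt, so the candidate is re-hashed per entry
    # and compared in constant time.
    for salt, digest in history[-HISTORY_COUNT:]:
        if hmac.compare_digest(_digest(candidate, salt), digest):
            problems.append("reuse")
            break
    return problems
```

Because only the last 6 entries are compared, a password that has aged out of the history window is accepted again.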
Limits:
- Lockout: Accounts may lock out after a set number of failed login attempts.
Multi-Factor Authentication (MFA):
- MFA is strongly recommended and should be activated wherever it is supported. Even a strong password can be compromised through phishing, credential reuse, or breach exposure. MFA provides a critical second layer of defense and is the single most effective control for preventing account takeover.