Feedback

Creating, Protecting, and Managing Passwords: Guide to the N-03 Password Policy

Strong passwords are critical to safeguarding sensitive information in the digital landscape. The N-03 Password Policy outlines comprehensive guidelines for creating, protecting, and managing passwords to ensure the security of County systems. This guide highlights best practices for password creation, usage, and resets, empowering employees and stakeholders to maintain secure accounts.

A. How to Create Strong Passwords

To protect against unauthorized access, passwords must meet the following County network password requirements:

1. Password Requirements

  • Minimum Length: At least 8 characters.
  • No Identifiable Information: Passwords must not include:
    • The user account name.
    • The user’s full name.
    • Any other personally identifiable information (e.g., phone numbers or predictable patterns like "1234").
  • Character Groups: Include at least one character from three of these four groups:
    • Uppercase Letters: A-Z.
    • Lowercase Letters: a-z.
    • Numbers: 0-9.
    • Special Characters: Examples include !@$%^&*.

2. Password Tips

  • Use easy-to-remember, strong passwords (e.g., "4U2Know!").
  • Avoid writing down passwords or storing them insecurely.

B. Protecting Your Password

As the account owner, you are responsible for all activities performed using your username and password. To protect your credentials:

1. Confidentiality

  • Never share your password with anyone, including managers, IT staff, or co-workers.
  • If you are transferring, retiring, or on leave, do not share your password. Contact the Agency Compliance Office at 619-338-2634 if access to emails or files is needed.

2. Avoid Reuse Across Systems

  • Do not use the same password for multiple systems to minimize the risk of a security breach.

3. Account Lockout

  • If a password is entered incorrectly five or fewer times consecutively, the account will lock or suspend.
  • Contact the system administrator to unlock the account or request a reset.

C. Changing Passwords Regularly

Changing passwords frequently ensures optimal security. Follow these guidelines:

1. Change Frequency

  • Passwords must be changed at least every 90 days.
  • Passwords must be changed immediately if they are compromised or suspected of being compromised.

2. Password History

  • You cannot reuse any of your last 24 passwords.

3. Unusual Account Activity

  • Change your password immediately if you notice any unusual activity, such as missing or altered files.

4. Changing Your Password

  • To change your password:
    1. Press Ctrl + Alt + Delete on your keyboard.
    2. Select Change Password from the menu.
    3. Enter a new password that meets the policy requirements.

D. Password Reset Process

1. Reset Requests

  • County Employees: Contact the appropriate system administrator (e.g., County Help Desk) to request a password reset. Identity verification is required.
  • Non-County Employees: Contact your County sponsor. The sponsor will verify your identity and request the reset from the appropriate Password Reset Authorizer.

2. Authorized Resets

  • Only appointed password reset authorizers and system administrators are authorized to reset passwords.
  • The user’s identity must be verified prior to each reset.

E. Reporting Policy Violations

Suspected violations of the N-03 Password Policy will be referred to the Agency Human Resources for appropriate action or investigation. Maintaining compliance with this policy helps protect County systems and data.

Contact Information

For questions or further assistance, reach out to:

0 Comments

Leave a comment