Password Management

From Bloomex Wiki
Jump to navigation Jump to search

Choosing Passwords

At Bloomex, users are required to create strong, difficult-to-guess passwords to ensure the security of company systems and data. The following guidelines must be adhered to when selecting a password:

  • Complexity: Passwords must not be easily guessable, should not be based on words found in dictionaries, and must avoid references to the user's personal life.
  • Length: All passwords must be at least eight characters long. Systems that support this requirement must enforce it automatically.
  • Composition: Passwords must contain a combination of alphabetic and numeric characters to enhance security.

Changing Passwords

To maintain security, passwords at Bloomex must be periodically updated:

  • No Reuse or Recycling: Users are not allowed to reuse or recycle their old passwords.
  • Immediate Action on Suspicion: If a user suspects that their password has been compromised, they must change it immediately.
  • Verification for Resets: The IT Help Desk will only reset passwords for users who can prove their identity. Acceptable forms of identification include a valid government ID and a Bloomex ID.

Protecting Passwords

Users at Bloomex are responsible for safeguarding their passwords:

  • No Sharing: Passwords must not be shared with anyone, including managers, IT support staff, or co-workers. Authorized methods for sharing information include the use of Bloomex network server shared directories, electronic mail, or intranet pages.
  • Secure Storage: Passwords must not be stored in unencrypted computer files, logon scripts, or any other programs. If written down, passwords must be concealed using a transformation process or securely stored in a locked file cabinet.
  • Default Passwords: Any default passwords provided by hardware or software vendors must be changed before the system is used for Bloomex business activities.

Management Tool Enforcement

Bloomex utilizes a password management tool to enforce these rules automatically. This tool operates transparently, ensuring compliance without requiring additional actions from end users.

These password management practices are designed to protect Bloomex's information systems and ensure the ongoing security of company data.

Retrieved from "https://wiki.necs.ca/index.php?title=Password_Management&oldid=4741"