Password Management

From Bloomex Wiki
Revision as of 18:37, 2 September 2024 by Admin (talk | contribs) (Created page with " ==== Choosing Passwords ==== At Bloomex, users are required to create strong, difficult-to-guess passwords to ensure the security of company systems and data. The following guidelines must be adhered to when selecting a password: * '''Complexity:''' Passwords must not be easily guessable, should not be based on words found in dictionaries, and must avoid references to the user's personal life. * '''Length:''' All passwords must be at least eight characters long. System...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Choosing Passwords

At Bloomex, users are required to create strong, difficult-to-guess passwords to ensure the security of company systems and data. The following guidelines must be adhered to when selecting a password:

  • Complexity: Passwords must not be easily guessable, should not be based on words found in dictionaries, and must avoid references to the user's personal life.
  • Length: All passwords must be at least eight characters long. Systems that support this requirement must enforce it automatically.
  • Composition: Passwords must contain a combination of alphabetic and numeric characters to enhance security.

Changing Passwords

To maintain security, passwords at Bloomex must be periodically updated:

  • No Reuse or Recycling: Users are not allowed to reuse or recycle their old passwords.
  • Mandatory Changes: Passwords must be changed every 120 days. Additionally, passwords must be changed the first time they are used after being set.
  • Immediate Action on Suspicion: If a user suspects that their password has been compromised, they must change it immediately.
  • Verification for Resets: The IT Help Desk will only reset passwords for users who can prove their identity. Acceptable forms of identification include a valid government ID and a Bloomex ID.

Protecting Passwords

Users at Bloomex are responsible for safeguarding their passwords:

  • No Sharing: Passwords must not be shared with anyone, including managers, IT support staff, or co-workers. Authorized methods for sharing information include the use of Bloomex network server shared directories, electronic mail, or intranet pages.
  • Secure Storage: Passwords must not be stored in unencrypted computer files, logon scripts, or any other programs. If written down, passwords must be concealed using a transformation process or securely stored in a locked file cabinet.
  • Default Passwords: Any default passwords provided by hardware or software vendors must be changed before the system is used for Bloomex business activities.

Management Tool Enforcement

Bloomex utilizes a password management tool to enforce these rules automatically. This tool operates transparently, ensuring compliance without requiring additional actions from end users.

These password management practices are designed to protect Bloomex's information systems and ensure the ongoing security of company data.

Retrieved from "https://wiki.necs.ca/index.php?title=Password_Management&oldid=4740"