|
|
| Line 1: |
Line 1: |
| Below is your **Password Policy document fully converted into clean, structured, MediaWiki format**.
| |
| You can copy-paste directly into your MediaWiki page.
| |
|
| |
|
| ---
| |
|
| |
| # '''Password Policy'''
| |
|
| |
| © Hein+Fricke India Technology Services Private Limited
| |
| [www.heinfricke.com](http://www.heinfricke.com)
| |
|
| |
| ---
| |
|
| |
| == 1. Purpose ==
| |
| This policy establishes the standards for creating, using, and maintaining secure passwords within the company.
| |
| Strong password practices are essential to protect company systems, data, and user accounts from unauthorized access.
| |
|
| |
| == 2. Scope ==
| |
| This policy applies to all employees, contractors, interns, and consultants who are assigned login credentials for any company system, application, or device.
| |
|
| |
| == 3. Password Requirements ==
| |
|
| |
| * '''Password History:''' Do not reuse your previous 24 passwords.
| |
| * '''Password Age:''' Passwords can only be changed after 24 hours from the last change.
| |
| * '''Password Length:''' Passwords must be at least 7 characters long.
| |
| * '''Password Complexity:''' Passwords must include:
| |
| ** At least one uppercase letter (A–Z)
| |
| ** At least one lowercase letter (a–z)
| |
| ** At least one number (0–9)
| |
| ** At least one special character (e.g., @ # $ %)
| |
|
| |
| ;Examples
| |
|
| |
| * '''Bad Practice:''' <code>user123</code>
| |
| * '''Good Practice:''' <code>User@123</code>
| |
|
| |
| == 4. Employee Responsibilities ==
| |
| Employees must:
| |
|
| |
| # Keep their password confidential and never share it with others.
| |
|
| |
| # Change their password immediately if they suspect it has been compromised.
| |
|
| |
| # Avoid writing down or storing passwords in insecure places.
| |
|
| |
| # Use only approved password managers (Bitwarden / Vaultwarden) for secure storage.
| |
|
| |
| == 5. Prohibited Practices ==
| |
|
| |
| * Using weak or easily guessable passwords (e.g., names, birthdays, “password123”).
| |
| * Reusing passwords across personal and company accounts.
| |
| * Sharing login credentials with unauthorized persons.
| |
| * Disabling or bypassing security features such as Multi-Factor Authentication (MFA).
| |
|
| |
| == 6. Password Expiry & Reset ==
| |
|
| |
| * Passwords will automatically expire after **42 days** and must be changed before expiration.
| |
| * Forgotten or compromised passwords must be reset through the official IT Helpdesk.
| |
|
| |
| == 7. Monitoring & Compliance ==
| |
|
| |
| * The IT team reserves the right to monitor password usage for compliance.
| |
| * The IT team may enforce password resets if necessary.
| |
| * Non-compliance with this policy may result in disciplinary action.
| |
|
| |
| == 8. Policy Review ==
| |
| This policy will be reviewed annually and updated as needed to align with security best practices.
| |
|
| |
| == 9. Acknowledgement ==
| |
| All employees must acknowledge that they have read, understood, and agree to follow this Password Policy by signing the Password Policy Acknowledgement Form.
| |
|
| |
| If the employee is in the office, they can change the password directly.
| |
| If working from home, they must connect to VPN before changing the password.
| |
|
| |
| ---
| |
|
| |
| == '''Version History''' ==
| |
| {| class="wikitable"
| |
| ! Creating Person
| |
| ! Version
| |
|
| |
| | ! Date (DD-MM-YYYY) |
| |
| | ------------------- |
| |
| | Swapnil Mangalkar |
| |
| | 1.0.0 |
| |
| | 18-08-2025 |
| |
| | } |
| |
|
| |
| ---
| |
|
| |
| If you want, I can also format it with a **table of contents**, add **company logo**, or create similar pages for other IT policies.
| |
