Password & Authentication Policy

From HEIN+FRICKE

1. Purpose

This policy establishes the standards for creating, using, and maintaining secure passwords within the company. Strong password practices are essential to protect company systems, data, and user accounts from unauthorized access.

2. Scope

This policy applies to all employees, contractors, interns, and consultants who are assigned login credentials for any company system, application, or device.

3. Password Requirements

  • Password History: Do not reuse your previous 24 passwords.
  • Password Age: A password may be changed again only once 24 hours have passed since the last change.
  • Password Length: Passwords must be at least 7 characters long.
  • Password Complexity: Passwords must include:
    • At least one uppercase letter (A–Z)
    • At least one lowercase letter (a–z)
    • At least one number (0–9)
    • At least one special character (e.g., @, #, $, %)

Examples:

  • Bad Practice: user123
  • Good Practice: User@123
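As an added illustration (not part of the HEIN+FRICKE policy page), the following Python checker encodes the section 3 rules together with the 24-hour minimum age and the 42-day expiry from section 6, and runs them against the two example passwords above. The salted PBKDF2 storage of previous passwords and the `PasswordRecord` class are assumptions about how a system might keep history; the policy itself does not specify them. Passing `complexity_failures` means a password meets the policy minimum, not that it is hard to guess.

```python
"""Checker for the password requirements in sections 3 and 6 (added example,
not the policy's own tooling). Thresholds come from the policy text; the
history storage scheme below is an assumption."""
import hashlib
import hmac
import os
import re
from datetime import datetime, timedelta, timezone

MIN_LENGTH = 7                 # section 3: at least 7 characters
HISTORY_DEPTH = 24             # section 3: no reuse of the previous 24 passwords
MIN_AGE = timedelta(hours=24)  # section 3: at most one change per 24 hours
MAX_AGE = timedelta(days=42)   # section 6: expiry after 42 days

# One regex per required character class; "special" is anything non-alphanumeric.
COMPLEXITY_CLASSES = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}


def complexity_failures(password):
    """Return the section 3 length/complexity rules the candidate fails (empty = passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in COMPLEXITY_CLASSES.items():
        if not pattern.search(password):
            failures.append(f"missing {name} character")
    return failures


def _digest(password, salt):
    # Assumed storage format: PBKDF2-SHA256 with a per-entry random salt, so the
    # history never holds plaintext and equal passwords get different digests.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PasswordRecord:
    """Per-user state: salted digests of the last 24 passwords (current one
    included) and the time of the last change. Hypothetical helper class."""

    def __init__(self):
        self.history = []       # list of (salt, digest), newest last
        self.last_changed = None

    def change(self, new_password, now):
        """Apply every rule; return the list of violations, or [] after a successful change."""
        failures = complexity_failures(new_password)
        if self.last_changed is not None and now - self.last_changed < MIN_AGE:
            failures.append("changed less than 24 hours ago")
        for salt, digest in self.history:
            # Constant-time comparison of the recomputed digest against each stored one.
            if hmac.compare_digest(_digest(new_password, salt), digest):
                failures.append(f"matches one of the previous {HISTORY_DEPTH} passwords")
                break
        if failures:
            return failures
        salt = os.urandom(16)
        self.history.append((salt, _digest(new_password, salt)))
        self.history = self.history[-HISTORY_DEPTH:]  # keep only the newest 24 entries
        self.last_changed = now
        return []

    def is_expired(self, now):
        """Section 6: a password older than 42 days (or never set) must be changed."""
        return self.last_changed is None or now - self.last_changed > MAX_AGE


if __name__ == "__main__":
    # Constructed demo run using the policy's own Bad/Good examples.
    for candidate in ("user123", "User@123"):
        print(candidate, "->", complexity_failures(candidate) or "meets section 3")
    rec = PasswordRecord()
    t0 = datetime(2025, 8, 18, 9, 0, tzinfo=timezone.utc)
    print("first change:", rec.change("User@123", t0))
    print("retry after 1h:", rec.change("Other#456", t0 + timedelta(hours=1)))
    print("reuse after 2d:", rec.change("User@123", t0 + timedelta(days=2)))
    print("expired after 50d?", rec.is_expired(t0 + timedelta(days=50)))
```

The history check keeps the current password among the 24 stored entries, so a user cannot switch back to it immediately; the minimum-age rule closes the other obvious loophole of cycling through 24 throwaway passwords in one sitting to return to a favourite.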

4. Employee Responsibilities

Employees must:

  1. Keep their password confidential and never share it with others.
  2. Change their password immediately if they suspect it has been compromised.
  3. Avoid writing down or storing passwords in insecure places.
  4. Store passwords only in the approved password manager (Bitwarden/Vaultwarden).

5. Prohibited Practices

  • Using weak or easily guessable passwords (names, birthdays, “password123”).
  • Reusing passwords across personal and company accounts.
  • Sharing login credentials with unauthorized persons.
  • Disabling or bypassing security features such as Multi-Factor Authentication (MFA).

6. Password Expiry & Reset

  • Passwords automatically expire after 42 days and must be changed before expiration.
  • Forgotten or compromised passwords must be reset through the official IT Helpdesk.

7. Monitoring & Compliance

  • The IT team may monitor password usage for compliance.
  • The IT team may enforce password resets if necessary.
  • Non-compliance may result in disciplinary action.

8. Policy Review

This policy will be reviewed annually and updated as needed to align with security best practices.

9. Acknowledgement

All employees must confirm that they have read, understood, and agree to follow this Password Policy by signing the Password Policy Acknowledgement Form.

Employees working from the office may change their password directly.

Remote employees must connect to the VPN before changing their password.


Version History

  • Created by: Swapnil Mangalkar
  • Version: 1.0.0
  • Date: 18-08-2025