Password & Authentication Policy

From HEIN+FRICKE
Revision as of 09:45, 24 November 2025 by Suraj.mali@heinfricke.team


Password Policy

© Hein+Fricke India Technology Services Private Limited, www.heinfricke.com (http://www.heinfricke.com)

1. Purpose

This policy establishes the standards for creating, using, and maintaining secure passwords within the company. Strong password practices are essential to protect company systems, data, and user accounts from unauthorized access.

2. Scope

This policy applies to all employees, contractors, interns, and consultants who are assigned login credentials for any company system, application, or device.

3. Password Requirements

  • Password History: Do not reuse your previous 24 passwords.
  • Password Age: Passwords can only be changed after 24 hours from the last change.
  • Password Length: Passwords must be at least 7 characters long.
  • Password Complexity: Passwords must include:
      • At least one uppercase letter (A–Z)
      • At least one lowercase letter (a–z)
      • At least one number (0–9)
      • At least one special character (e.g., @ # $ %)

Examples
  • Bad Practice: user123
  • Good Practice: User@123

4. Employee Responsibilities

Employees must:

  1. Keep their password confidential and never share it with others.
  2. Change their password immediately if they suspect it has been compromised.
  3. Avoid writing down or storing passwords in insecure places.
  4. Use only approved password managers (Bitwarden / Vaultwarden) for secure storage.

5. Prohibited Practices

  • Using weak or easily guessable passwords (e.g., names, birthdays, “password123”).
  • Reusing passwords across personal and company accounts.
  • Sharing login credentials with unauthorized persons.
  • Disabling or bypassing security features such as Multi-Factor Authentication (MFA).

6. Password Expiry & Reset

  • Passwords will automatically expire after 42 days and must be changed before expiration.
  • Forgotten or compromised passwords must be reset through the official IT Helpdesk.

7. Monitoring & Compliance

  • The IT team reserves the right to monitor password usage for compliance.
  • The IT team may enforce password resets if necessary.
  • Non-compliance with this policy may result in disciplinary action.

8. Policy Review

This policy will be reviewed annually and updated as needed to align with security best practices.

9. Acknowledgement

All employees must acknowledge that they have read, understood, and agree to follow this Password Policy by signing the Password Policy Acknowledgement Form.

Employees who are in the office can change their password directly. Employees working from home must connect to the VPN before changing their password.

---

Version History

Creating Person Version
