This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
wiki:policies:password [2023/01/26 19:53] kholub |
wiki:policies:password [2024/01/31 18:42] (current) katcow |
||
---|---|---|---|
Line 15: | Line 15: | ||
===== Policy ===== | ===== Policy ===== | ||
- | ** <font 18px/ | + | ==== Internal Company Passwords |
- | Concerns rules and practices | + | **Application Passwords** - All programs, including applications developed |
- | === Application | + | **Changing |
- | All programs, including | + | **Sharing Passwords** - Passwords must be kept confidential and may not be shared among users. Users are prohibited from recording passwords in an unencrypted medium, like a notetaking application, |
- | === Changing Passwords === | + | **Password Storage |
- | + | ==== Password Complexity | |
- | All passwords must be promptly changed if they are suspected of being disclosed, or known to have been disclosed to unauthorized parties. | + | |
- | + | ||
- | === Sharing Passwords === | + | |
- | + | ||
- | Passwords must be kept confidential and may not be shared among users. Users are prohibited from recording passwords in an unencrypted medium, like a notetaking application, | + | |
- | + | ||
- | === Password Storage | + | |
- | + | ||
- | Passwords will not be stored in readable form without access control or in other locations where unauthorized persons might discover them. All such passwords are to be strictly controlled using either physical security or computer security controls | + | |
- | + | ||
- | === Password Complexity === | + | |
Passwords must: | Passwords must: | ||
Line 47: | Line 36: | ||
* must not match your user name or email | * must not match your user name or email | ||
- | ** <font 20px/ | + | ===== |
- | Concerns rules and practices for users authenticating to NK software | + | **Application Passwords** |
- | + | ||
- | **Application Passwords** | + | |
- | + | ||
- | All programs, including third party purchased software and applications developed internally by Nested Knowledge must be password protected. | + | |
=== User Authentication === | === User Authentication === | ||
All systems will require a valid user ID and password. All unnecessary operating system or application user IDs not assigned to an individual user will be deleted or disabled. The use of a four digit pin or secret questions is not acceptable as an authentication method. | All systems will require a valid user ID and password. All unnecessary operating system or application user IDs not assigned to an individual user will be deleted or disabled. The use of a four digit pin or secret questions is not acceptable as an authentication method. | ||
+ | |||
+ | As described in our [[: | ||
=== Choosing Passwords === | === Choosing Passwords === | ||
Line 63: | Line 50: | ||
All user-chosen passwords must contain at least one alphabetic character, one number, and one special character. Passwords must contain a minimum of 8 characters. All users must be automatically forced to change their passwords appropriate to the classification level of information. To obtain a new password, a user must present suitable identification. Passwords requirements are set by the respective systems—for instance, Google Accounts and Outh2, and are subject to change. | All user-chosen passwords must contain at least one alphabetic character, one number, and one special character. Passwords must contain a minimum of 8 characters. All users must be automatically forced to change their passwords appropriate to the classification level of information. To obtain a new password, a user must present suitable identification. Passwords requirements are set by the respective systems—for instance, Google Accounts and Outh2, and are subject to change. | ||
- | ** <font 20px/ | + | ==== General |
+ | |||
+ | Applies to Nested Knowledge internal passwords and passwords for all Nested Knowledge users. | ||
=== Password Expiration Time === | === Password Expiration Time === | ||
- | The company does not currently have a Password Expiration Time policy; Google and Auth0 may require users to change their passwords at required intervals, but the company defers to these provider' | + | The company does not currently have a Password Expiration Time policy; Google and Auth0 may require users to change their passwords at required intervals, but the company defers to these provider' |
The company will review the Password Expiration Time policy periodically to ensure that long-term exposures are minimized. | The company will review the Password Expiration Time policy periodically to ensure that long-term exposures are minimized. | ||
Line 86: | Line 75: | ||
^Author^Date of Revision/ | ^Author^Date of Revision/ | ||
+ | |K. Cowie|10/ | ||
|K. Kallmes|11/ | |K. Kallmes|11/ | ||
|P. Olaniran|08/ | |P. Olaniran|08/ | ||
|K. Cowie|09/ | |K. Cowie|09/ | ||
+ | |K. Holub|01/ | ||
[[: | [[: | ||