Joel D. Kinard CISSP, CIAM, EIT
205 Airport Road
Monroe , NC 28110
Email address: jdkinard@gmail.com


Password Controls

User passwords are the very first line of defense against unwanted intrusions on computers and networked data systems.  Password protection is used on the corporate network, to ensure that only authorized users can access it or any desktop systems of the Company.  Currently, the following password criteria must be met:  

  • All passwords must be at least six characters in length.
  • Passwords must be changed every 90 days.  An employee may elect to change their password at any time; each time a password is changed, a new 90-day expiration period goes into effect.  If a password is not changed within 90 days, the user will be locked out of the network, and will be unable to log in until the password is manually reset by an administrator.
  • Secure passwords protect the integrity of each network users’ personal data, access to their email account, and to their network storage location, the U:-drive.  Each user should guard their password carefully, and never share it with any other person.  Fourteen days before a user's password will expire, he/she will get a notice when they log in that their password will "expire in XX days".  The notice will appear each time they log into the network, until they have changed their password.  It will ask them if they want to change it at that time, and they can change it then.  Otherwise they can choose to wait until a later time.  Each day that passes and the password is not changed, the time to expiration will be decremented by one day.  If the countdown expires and the user has not changed their password yet, they will no longer be able to log in, until their password is reset manually by an administrator.  If this ever becomes necessary, the user will be given a temporary password, and they will be required to change it again after they first log in with the temporary one.
  • When choosing a password, avoid selecting common words found in the dictionary.
  • Do not use any part of your name or userid.
  • Passwords cannot be repeated.
  • Do not write down your password and leave it in a conspicuous location, such as taped to your monitor or cabinet, or underneath your mousepad.  If you choose to write a new password down until you get familiar with it, place that piece of paper in your wallet or purse so it is always with you, and difficult for others to access.
  • Never include your password in email messages, which are very insecure.  Networks can be “sniffed” and passwords can be easily readable in email; they travel to their destination unencrypted.