Tophawks Password Policy


  1. Introduction
    Passwords are an important aspect of computer security. A poorly chosen password may result in unauthorized access and/or exploitation of our resources. All users, including contractors and vendors with access to Tophawks systems, are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords. 
     
  2. Purpose
    This document provides the detailed password policy statements that support the overall IT security objectives of Tophawks.
     
  3. Password Policy
     
    Policy Overview
    The policy describes how users of Tophawks Limited supported systems should create and manage their passwords. 
     
    Policy Audience
    This policy applies to all Tophawks employees including temporary staff, sub-contractors, contractors and third parties with access to information, information systems and services. 
     
    Policy Detail
     
    – Users must not write down their password.
    – Users must not disclose their password by any means.
    – Users must choose a password that is not easily guessed by others. For example, the following are not suitable: dictionary words; carmakers; telephone and room numbers; forenames and surnames; common words, e.g. colours, seasons, days, sports, beverages etc.; simple keyboard sequences, e.g. qwerty; words associated with computers.
    – Passwords must have a minimum of 8 characters.
    – 5 unsuccessful authentication attempts lock out the user ID. 
    – Multi-factor authentication is highly encouraged and should be used whenever possible, not only for work-related accounts but also for personal accounts.
    – Users must ensure their password is different from any other passwords they use to access non-systems or devices.
    – Users must ensure that their password consists of a mix of at least 3 of the following types of characters: alpha (uppercase), alpha (lowercase), numeric characters and special characters (i.e., punctuation).
    – Should a password be compromised, it should be changed immediately and the IT Help desk informed.
    – Under no circumstances should the logon or password be shared. The sharing of passwords is considered a serious disciplinary offence and will be dealt with accordingly.
    – All users are responsible for reporting any suspected misuse of passwords.
    – Account lockout threshold: 5 invalid logon attempts.
    – Account lockout duration: 1 hour.
    – Screen lockout duration: 5 minutes, and the “Password protect the screensaver” option should be ‘Enabled’.
 
    Policy Non-Compliance
    Any breach of this policy could result in disciplinary action and possible action if information loss occurs.