For Your Information

Definition

Password Management Best Practices

A password is a secret, typically a series of letters, numbers and other symbols that an employee uses to verify their identity when accessing electronic information. Strong password management practices reduce risk to Government information. Users are strongly encouraged to follow these best practices to ensure adequate protection and security of passwords.

Advice
Best Practice Treat passwords as confidential and protect them from unauthorized access, use or disclosure Enter passwords with caution to prevent viewing by others nearby Do not share or otherwise disclose passwords Do not send passwords in an email When it is necesssary to communicate passwords, do so: In person (i.e. face to face) Via telephone Via voicemail, if the mailbox is dedicated to the authorized recipient (i.e. not a group voicemail) and the number is verified as belonging to that authorized user Via secure mail such as tamper-proof envelopes and certified mail, etc Do not share or write down passwords in any form such as taping to desk walls or terminals, storing in list finders and desk drawers, etc. Change temporary passwords immediately upon first time use of that password. Do not save passwords in unsecured computer files like Microsoft Word or Excel, especially on laptops, notebooks or handheld computers, since these devices are easy targets for theft. Immediately report known or suspected compromises of passwords to an immediate supervisor, manager, or the OCIO Service Desk at (729-4357) or servicedesk@gov.nl.ca.

OCIO | E-mail: IM@gov.nl.ca | Website: http://www.ocio.gov.nl.ca

For Your Information

Advice continued
Password Construction

Password Management Best Practices

Passwords should contain at least 8 characters Passwords should contain mixes of uppercase, lowercase, numbers and punctuation: Alphabets A...Z, a...z Digits 0 to 9 Special characters (e.g. !; ; $; ); (; %; &; *; #; @; ?; {; }; [; ]; =; +; >; <; ) Passwords should not contain an individuals personal information such as names, telephone numbers, dates of birth, names of family members, pets, and addresses Each password should be significantly different from previously used passwords Passwords should not contain, or be the reverse of, user names, user IDs or their variations Tips for Creating Strong Passwords String several words together Combine punctuation or numbers with a regular word Deliberately misspell a word Shift a word up, down, left, or right one row on the keyboard Transpose characters in a word by a certain number of letters up or down the alphabet Transform a regular word according to a specific method, such as making every other letter a number reflecting its position in the word Create acronyms from words in a song, poem, or another known sequence of words Combine several preferences like hours of sleep desired and favorite colors

More Information
Please contact OCIOs IP Advisory Services at IM@gov.nl.ca

OCIO | E-mail: IM@gov.nl.ca | Website: http://www.ocio.gov.nl.ca