Secure Password Standards
Statement of Policy
Objective
This standard covers the unique user identification and passwords that will apply to electronic information
systems that maintain protected information.
Standards
In order to connect to WUSM confidential or protected information, workforce members must comply with the
following password standards.
Passwords must be random and must be changed on the first login.
A default password will not be given to all workforce members.
WUSM IT Support groups will reset a password only when the workforce member's identity has been
verified.
WUSM IT Support groups will not ask for workforce members' passwords via email.
Passwords are not to be shared.
Refrain from writing passwords down. Use encrypted password vaults to store passwords if
necessary.
Passwords should not be easily guessed (e.g. children's or pets' names, favorite teams, or information
easily obtained about you online).
Passwords should not be stored or remembered by applications, especially when not using your
normal workstation (e.g. kiosks, common workstations, friends' or family members' computers).
Contact the WUSM IT Support group to reset your password if you suspect it has been
compromised.
WUSM workforce members must not circumvent password entry with auto logon, application
remembering, embedded scripts or hard-coded passwords in client software except where approved
by the Information Security Office.
A password-protected screen saver or logging off the device is required when systems are unattended.
Information Security Standards
WUSM passwords / passphrases are required to meet one of the following criteria:
If a system does not support the minimum structure and complexity as listed above, an exception form must be
completed and a risk assessment will be performed by the Information Security Office. 01.01.01.04 Policy Exception
Request Form