Welcome to Scribd!

Skip carousel

Password Construction Guidelines

Uploaded by

bejinaru.oanaisabelle

0% found this document useful (0 votes)

2 views2 pages

Pw construction

Copyright

Available Formats

DOCX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Pw construction

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as docx, pdf, or txt

0% found this document useful (0 votes)

2 views2 pages

Password Construction Guidelines

Uploaded by

bejinaru.oanaisabelle

Pw construction

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as docx, pdf, or txt

Jump to Page

You are on page 1of 2

Search inside document

Password Construction Guidelines

Last Update Status: Updated October 2022

Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for
your organization. There is no prior approval required. If you would like to contribute a new policy or updated version of this policy, please send email to
policy-resources@sans.org.

1. Overview
Passwords are a critical component of information security. Passwords serve to protect
access to user accounts, data and systems. However, a poorly constructed or easily
guessed password can compromise the strongest defenses. This guideline provides best
practices for creating strong passwords.

2. Purpose
The purpose of this guidelines is to provide best practices for the creation of strong
passwords.

3. Scope
This guideline applies to employees, contractors, consultants, temporary and other
workers, including all personnel affiliated with third parties. This guideline applies to all
passwords including but not limited to user-level accounts, system-level accounts, web
accounts, e-mail accounts, screen saver protection, voicemail, and local router logins.

4. Policy

Strong passwords are long, the more characters a password has the stronger it is.
We recommend a minimum of 16 characters in all work related passwords. In
addition, we encourage the use of passphrases, passwords made up of multiple
words. Examples include “It’s time for vacation” or “block-curious-sunny-leaves”.
Passphrases are both easy to remember and type yet meet the strength
requirements.

Password cracking or guessing may be performed on a periodic or random basis by

the Infosec Team or its delegates. If a password is guessed or cracked during one of
these scans, the user will be required to change.

CONSENSUS POLICY RESOURCE COMMUNITY

5.1 Compliance Measurement

The Infosec team will verify compliance to this policy through various methods,
including but not limited to password cracking exercises, business tool reports, internal
and external audits, and feedback to the policy owner.
5.2 Exceptions
Any exception to the policy must be approved by the Infosec team in advance.
5.3 Non-Compliance
An employee found to have violated this policy may be subject to disciplinary action, up
to and including termination of employment.

6. Related Standards, Policies and Processes

None.

7. Definitions and Terms

None.

8. Revision History

Date of Change Responsible Summary of Change

June 2014 SANS Policy Team Separated out from the Password Policy
and converted to new format.

October, 2017 SANS Policy Team Updated to reflect changes in NIST SP800-
63-3

October 2022 SANS Policy Team Updated and converted to new format.

CONSENSUS POLICY RESOURCE COMMUNITY

E21S Intallation Manual
Document38 pages
E21S Intallation Manual
tamssic
100% (1)
CompTIA CASP+ CAS-004 Exam Guide: A-Z of Advanced Cybersecurity Concepts, Mock Exams, Real-world Scenarios with Expert Tips (English Edition)
From Everand
CompTIA CASP+ CAS-004 Exam Guide: A-Z of Advanced Cybersecurity Concepts, Mock Exams, Real-world Scenarios with Expert Tips (English Edition)
Dr. Akashdeep Bhardwaj
No ratings yet
Work Station Security
Document3 pages
Work Station Security
sp
No ratings yet
Password Policy
Document4 pages
Password Policy
noorulathar
100% (2)
P6 Training Aberdeen
Document3 pages
P6 Training Aberdeen
Nnamdi
No ratings yet
Password Construction Guidelines
Document2 pages
Password Construction Guidelines
Radziman Rahman
No ratings yet
Guias de Contruccion de Contraseña Segura
Document2 pages
Guias de Contruccion de Contraseña Segura
Jose Angel Medina
No ratings yet
Password Protection Policy
Document3 pages
Password Protection Policy
norsyaliza
No ratings yet
Password Protection Policy
Document3 pages
Password Protection Policy
Rahul Garg
No ratings yet
Password Protection Policy
Document3 pages
Password Protection Policy
Eliezer Rodriguez
No ratings yet
Password Protection Policy
Document4 pages
Password Protection Policy
John
No ratings yet
Password Construction Guidelines: 1. Overview
Document2 pages
Password Construction Guidelines: 1. Overview
Belly Buster
No ratings yet
Password Policy Best Practices For Strong Security in AD
Document8 pages
Password Policy Best Practices For Strong Security in AD
Sivasakti Marimuthu
No ratings yet
Lunajesus Password Policy Week4
Document5 pages
Lunajesus Password Policy Week4
api-645969479
No ratings yet
Automatically Forwarded Email Policy: 1. Overview
Document2 pages
Automatically Forwarded Email Policy: 1. Overview
Abdullah Amer
No ratings yet
Database Credentials Coding Policy: 1. Overview
Document4 pages
Database Credentials Coding Policy: 1. Overview
NZ
No ratings yet
Overview: Password Protection Policy
Document3 pages
Overview: Password Protection Policy
Sanda Nechifor
No ratings yet
Removable Media Policy
Document2 pages
Removable Media Policy
Nguyễn Phi Trường
No ratings yet
Removable Media Policy
Document2 pages
Removable Media Policy
Rashid Kamal
No ratings yet
Overview: Removable Media Policy
Document2 pages
Overview: Removable Media Policy
Junon Armory
No ratings yet
Database Credentials Coding Policy: 1. Overview
Document4 pages
Database Credentials Coding Policy: 1. Overview
Hector G.
No ratings yet
Password Policy Best Practices
Document5 pages
Password Policy Best Practices
Thulmin Damsilu Jayawardena
No ratings yet
Overview: Removable Media Policy
Document2 pages
Overview: Removable Media Policy
Hector G.
No ratings yet
Database Credentials Policy
Document4 pages
Database Credentials Policy
ogalch
No ratings yet
Password Protection Policy
Document7 pages
Password Protection Policy
abhi7991
No ratings yet
1SecurityPolicy Version 1.0
Document37 pages
1SecurityPolicy Version 1.0
Ghani Al
No ratings yet
Password Protection Policy
Document3 pages
Password Protection Policy
Calon Dokter
No ratings yet
Database Credentials Policy
Document4 pages
Database Credentials Policy
RubenAguayo
No ratings yet
Database Credentials Policy
Document4 pages
Database Credentials Policy
roolmereyes
No ratings yet
Accordance
Document11 pages
Accordance
sfvfvrv
No ratings yet
End User Encryption Key Protection Policy
Document5 pages
End User Encryption Key Protection Policy
John
No ratings yet
Password Management Tech Brief
Document16 pages
Password Management Tech Brief
PistolStar Tailored Authentication
No ratings yet
Overview: Email Retention Policy
Document4 pages
Overview: Email Retention Policy
Hector G.
No ratings yet
The Security Cookbook For Small and Medium Enterprises - Part 1
Document38 pages
The Security Cookbook For Small and Medium Enterprises - Part 1
Kubilay Doğan
No ratings yet
Software Installation Policy
Document2 pages
Software Installation Policy
Kai
No ratings yet
ATC Internship Letter - Ansh
Document53 pages
ATC Internship Letter - Ansh
Ayush srivastava
No ratings yet
Overview: Server Security Policy
Document3 pages
Overview: Server Security Policy
Spit Fire
No ratings yet
3.1.1.5 Lab - Create and Store Strong Passwords
Document3 pages
3.1.1.5 Lab - Create and Store Strong Passwords
Richard Parulian
No ratings yet
Information Logging Standard: 1. Overview
Document4 pages
Information Logging Standard: 1. Overview
Silver
No ratings yet
IT Password Policy - 2022
Document9 pages
IT Password Policy - 2022
Francois92
No ratings yet
Remote Access Tools Policy
Document3 pages
Remote Access Tools Policy
Anis Qasem
No ratings yet
Laboratory Activity 5 - Create and Store Strong Passwords
Document3 pages
Laboratory Activity 5 - Create and Store Strong Passwords
averson salaya
No ratings yet
Information Logging Standard: 1. Overview
Document4 pages
Information Logging Standard: 1. Overview
Spit Fire
No ratings yet
Overview: Lab Anti-Virus Policy
Document2 pages
Overview: Lab Anti-Virus Policy
Areef
No ratings yet
Password Guidance 1671651662
Document16 pages
Password Guidance 1671651662
rrr
No ratings yet
Midterm Exam BasnetKaushal
Document8 pages
Midterm Exam BasnetKaushal
kaushalbasnet988
No ratings yet
Lab Anti Virus Policy
Document2 pages
Lab Anti Virus Policy
Reygie Prieto
No ratings yet
Communications Equipment Policy: 1. Overview 2. Purpose
Document2 pages
Communications Equipment Policy: 1. Overview 2. Purpose
Abdullah Amer
No ratings yet
Authlogics Password Security Management Datasheet
Document2 pages
Authlogics Password Security Management Datasheet
علي الاسدي
No ratings yet
Mobile Device Encryption Policy
Document2 pages
Mobile Device Encryption Policy
bejinaru.oanaisabelle
No ratings yet
Information Security
Document7 pages
Information Security
shankarshiva74541
No ratings yet
11 Top Cyber Security Best Practices To Prevent A Breach
Document3 pages
11 Top Cyber Security Best Practices To Prevent A Breach
Armena Begrado
No ratings yet
Rusec
Document522 pages
Rusec
Geoff Zinderdine
No ratings yet
S - Managing Account Policies and Service Accounts
Document5 pages
S - Managing Account Policies and Service Accounts
Nithya Rajaram
No ratings yet
SANS Remote Access Tools Policy
Document3 pages
SANS Remote Access Tools Policy
terramoco
No ratings yet
Software Installation Policy
Document2 pages
Software Installation Policy
LinuxPower
100% (1)
W3-Module 003 Implementing Basic Security System
Document4 pages
W3-Module 003 Implementing Basic Security System
Dean Levy
No ratings yet
Creating A Password Policy Your Employees Will Actually Follow
Document9 pages
Creating A Password Policy Your Employees Will Actually Follow
prinsloojustine
No ratings yet
IAP301 SE161501 Lab5
Document7 pages
IAP301 SE161501 Lab5
Le Trung Son (K16HCM)
No ratings yet
Privileged Account Management PDF
Document20 pages
Privileged Account Management PDF
ayalewtesfaw
No ratings yet
Active Directory Security Best Practices
Document10 pages
Active Directory Security Best Practices
SEEMA SEEMA
No ratings yet
Ucs422 Partc Group Assingment
Document10 pages
Ucs422 Partc Group Assingment
Amirul Amir
No ratings yet
MEP Coordination
Document42 pages
MEP Coordination
Giang Lam
100% (1)
Computer Forensics Investigation - A Case Study PDF
Document3 pages
Computer Forensics Investigation - A Case Study PDF
Tefe
No ratings yet
Mscit Sem3and4
Document11 pages
Mscit Sem3and4
JIGAR SAGAR
No ratings yet
Accounting Information Systems Tradition PDF
Document12 pages
Accounting Information Systems Tradition PDF
chere
No ratings yet
How Hackers Can Hack Someone's Facebook Account: Phishing
Document5 pages
How Hackers Can Hack Someone's Facebook Account: Phishing
grrdhdrh
No ratings yet
Saudi digitalSME PDF
Document118 pages
Saudi digitalSME PDF
Adham Azzam
No ratings yet
Lab 5.5.1: Basic Spanning Tree Protocol: Topology Diagram
Document36 pages
Lab 5.5.1: Basic Spanning Tree Protocol: Topology Diagram
Abreham Getachew
No ratings yet
0-1 Knapsack Using Dynamic Programming: Made By
Document43 pages
0-1 Knapsack Using Dynamic Programming: Made By
bushra tufail
No ratings yet
How To Import The Project
Document1 page
How To Import The Project
luqman1239
No ratings yet
Amjad Survey Paper
Document22 pages
Amjad Survey Paper
Dr-Mohammed Rihan
No ratings yet
Netbackup 8.0 Blueprint OpsCenter
Document59 pages
Netbackup 8.0 Blueprint OpsCenter
alireza1023
No ratings yet
List of User Exists
Document52 pages
List of User Exists
jack
No ratings yet
(Download PDF) Engineering With Excel 5Th Edition Ronald W Larsen Online Ebook All Chapter PDF
Document42 pages
(Download PDF) Engineering With Excel 5Th Edition Ronald W Larsen Online Ebook All Chapter PDF
michael.white916
100% (14)
Manual JVC Car Stereo System KD-R730BT
Document2 pages
Manual JVC Car Stereo System KD-R730BT
juanf
No ratings yet
Queyquep MIDTERM PRACTICESET8
Document10 pages
Queyquep MIDTERM PRACTICESET8
annika
No ratings yet
Detection and Verification System of Handwriting and Signature Using Raspberry Picopy 220426094934
Document48 pages
Detection and Verification System of Handwriting and Signature Using Raspberry Picopy 220426094934
Akmad Ali Abdul
No ratings yet
M01 - Determine Best Fit Topology
Document34 pages
M01 - Determine Best Fit Topology
Alazar walle
100% (2)
Cs Sample Papers Raipur Region
Document57 pages
Cs Sample Papers Raipur Region
Sara Patil
No ratings yet
EM0505 3.0v1 Introduction To Sophos Email
Document19 pages
EM0505 3.0v1 Introduction To Sophos Email
emendoza
No ratings yet
GPS Pitch Deck
Document9 pages
GPS Pitch Deck
Nugi Dirgantara
No ratings yet
Storagetek Sl150 Modular Tape Library: Make Simplicity A Priority
Document5 pages
Storagetek Sl150 Modular Tape Library: Make Simplicity A Priority
Rochdi Bouzaien
No ratings yet
Hyper-V and Failover Clustering Mini Poster
Document1 page
Hyper-V and Failover Clustering Mini Poster
IonutBarbieru
No ratings yet
Cobra ODE Installation Manual (English) v1.4
Document49 pages
Cobra ODE Installation Manual (English) v1.4
sasa097
100% (1)
Cyber Security Module 1
Document4 pages
Cyber Security Module 1
silentnight
No ratings yet
BTT - Unit 1 Activity - Digital Footprint - Hailey Kotansky
Document3 pages
BTT - Unit 1 Activity - Digital Footprint - Hailey Kotansky
Hailey Kotansky
No ratings yet
Fluent UDF 16.0 L01 Introduction PDF
Document37 pages
Fluent UDF 16.0 L01 Introduction PDF
Vishal Anand
No ratings yet
LG LCD 32sl80yr CH lp91t
Document27 pages
LG LCD 32sl80yr CH lp91t
Luis Mantilla
No ratings yet
Siebel 8 Consultant Certified Expert Certification
Document7 pages
Siebel 8 Consultant Certified Expert Certification
Kholid eFendi
No ratings yet