In any system, passwords play a very important role in security. A poor password may lead to an organization's resources being compromised. The password protection policy should be adhered to by everyone in the organization, from users to the administrator level.
Follow the given rules when selecting or securing your password.
For the creation policy, follow these rules:
A user should not use the same password for all the accounts in an organization.
Access-related passwords should not all be the same.
Any system-level account should have a password that's different from any other account held by the same user.
For the protection policy, follow these rules:
A password is something that needs to be treated as sensitive and confidential information. Hence, it should not be shared with anyone.
Passwords should not be shared through any electronic communication, such as e-mails.
Never reveal a password over the phone or on a questionnaire.
Do not use password hints that could provide clues to an attacker.
Never share company passwords with anyone, including administrative staff, managers, colleagues, and even family members.
Don't store passwords in written form anywhere in your office. If you store passwords on a mobile device, always use encryption.
Don't use the Remember Password feature of applications.
If there's any doubt about a password being compromised, report the incident and change the password as soon as possible.
For the change policy, follow these rules: