Password Policy

22nd November 2017

On Thurs 7th December 2017, a new password policy will be introduced to the ACW site for all users. In an effort to guarantee that the data held within the ACW database is kept as securely as possible you will be required to change your password.
Your new password should contain the following characteristics:

 

  • Contain as least 12 alphanumeric characters
  • Contain both upper and lower case letters
  • Contain at least one number (0-9)
  • Contain at least one special character (!,!$%^&*()_+|~-=\`{}[]:”;'<>?,/)

Passwords containing the above characteristics are considered to be strong.

Please read the below sections for further guidance on password creation and best practices –

 

Password Creation

    1. All passwords should be reasonably complex and difficult for unauthorised people to guess. Users should choose passwords that are at least twelve characters long and contain a combination of upper and lower case letters, numbers and other special characters.
    2. In addition to these requirements, users should also use common sense when choosing passwords. They must avoid basic combinations that are easy to crack. For example “password”, “password1” and “pa$$w0rd” are all equally bad from a security perspective.
    3. Users should choose unique passwords for all of their system accounts, with meaning only to the user who chooses it.
    4. If the security of a password is in doubt – for example, if it appears that an unauthorised person has logged into the account – the password must be changed immediately
    5. Default passwords-such as those created for new users when they start or those that protect new systems when they are initially set up-must be changed as quickly as possible

 

Poor or weak passwords have the following characteristics:

 

    1. Contain less than eight characters
    2. Contain personal information such as birthdates, addresses, phone numbers or names of family members, pets, friends and fantasy characters.
    3. Contain work-related information such as building names, system commands, sites, companies, hardware or software
    4. Contain number patterns such as aaabbb, qwerty, zyxwvuts or 123321

 

Protecting Passwords

 

    1. Users should never share their passwords with anyone else in their organisation, including co-workers, managers, admin assistants, IT Staff members etc. Everyone who needs access to the ACW system should be given their own unique password.
    2. Users should never share their passwords with any outside parties, including those claiming to be representatives of a business partner with a legitimate need to access the ACW system.
    3. Users should take steps to avoid phishing scams and other attempts by hackers to steal passwords and other sensitive information.
    4. Users should refrain from writing down passwords and keeping them at their workstations.

 

If you have any queries relating to this or concerns that your password integrity may be compromised please do not hesitate in contacting the System Support Team or 0300 303 4444.