
Password Best Practice
All systems in the sensitive data environment should require a unique user ID and a private password for each user. Each employee is personally responsible for the use of his or her user ID and password.
Password Requirements
All User IDs with access to the sensitive data environment should utilize a strong password and meet the following minimum requirements per the NIST 800-63-3 specification:
- We do not enforce password expiration
- A minimum of 12 characters
- A new password should not be the same as any of the last 5 passwords used
- A maximum of 5 failed log-in attempts
- Lockout duration is 10 minutes
- Passwords are compared to a commonly-used password dictionary to block the use of compromised or weak passwords
- All printable and Unicode characters, as well as spaces, are allowed
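One way to enforce the requirements listed above in code, as an added example that is not part of the original policy. The NFKC normalization, the scrypt parameters, the three-entry `COMMON` set and all function and class names are assumptions made for illustration.

```python
import hashlib, hmac, os, unicodedata

MIN_LENGTH, HISTORY_DEPTH = 12, 5             # values from the policy
MAX_FAILURES, LOCKOUT_SECONDS = 5, 10 * 60    # values from the policy
# Constructed stand-in for a real common/compromised password dictionary.
COMMON = {"password1234", "qwertyuiop12", "letmein12345"}

def normalize(pw):
    # Assumption: NFKC, so equivalent Unicode input always hashes the same way.
    return unicodedata.normalize("NFKC", pw)

def hash_password(pw, salt=None):
    """Return (salt, digest); history stores these, never the plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(normalize(pw).encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest

def matches(pw, salt, digest):
    return hmac.compare_digest(hash_password(pw, salt)[1], digest)

def check_new_password(pw, history):
    """history: list of (salt, digest), newest last. Returns the violations."""
    pw = normalize(pw)
    problems = []
    if len(pw) < MIN_LENGTH:          # counts Unicode code points, not bytes
        problems.append("too_short")
    if pw.casefold() in COMMON:
        problems.append("common_password")
    # Each stored entry has its own salt, so the candidate is re-hashed per entry.
    if any(matches(pw, s, d) for s, d in history[-HISTORY_DEPTH:]):
        problems.append("reused")
    return problems                   # no composition or character-class rules

class Lockout:
    """Per-account counter: 5 failures lock the account for 10 minutes."""
    def __init__(self):
        self.failures, self.locked_until = 0, 0.0

    def is_locked(self, now):
        return now < self.locked_until

    def record_failure(self, now):
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked_until, self.failures = now + LOCKOUT_SECONDS, 0

    def record_success(self):
        self.failures = 0
```

Callers pass `time.time()` as `now` and should check `is_locked` before verifying a submitted password, so that attempts made during the lockout window are rejected without being evaluated.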