
Password Policy

Version: 2.0.

Policy Code: DICT-QAP086

Date: 05/02/2024

Document Control

Executive Summary

Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in a compromise of IAU's entire network. The purpose of having a password policy is to ensure a more consistent measure of security for IAU's network and the information it contains. The implementation of this policy will better safeguard the personal and confidential information of all individuals and organizations affiliated, associated, or employed by the University. Additionally, this policy establishes a standard for the creation of strong passwords, the protection of those passwords, and the frequency of password changes.

Introduction

The following are the objectives of the policy:

1. Defend against unauthorized access to Gensec Systems that could result in a compromise of personal or institutional data.

2. Ensure that Gensec Systems resources are used in an appropriate fashion, and support the company’s

Elcen Metal Products Co

3. Encourage users to understand their own rights and responsibilities for protecting their passwords.

4. Protect the privacy and integrity of data stored on the company network.

Entities affected by this Policy

This policy applies to all persons who have, or are responsible for, an account on any system accessed on the Company network or computer systems.

Policy Statement

Guidelines & Procedures Statements

General Guidelines:

1. Passwords must be changed every 90 days.

2. All passwords must meet the definition of a strong password described below in the Strong Password Construction Guidelines section.

3. Each successive password must be unique. Re-use of the same password will not be allowed.

4. Any temporary password will expire at 23:59:59 of the date issued.

5. A user account will be temporarily locked for three (3) minutes after 3 consecutive failed logins:

a. Account Lockout Duration: 15 mins.

b. Account Lockout Threshold: 3.

c. Reset Account Lockout Counter: 30 mins.

6. The "reset password" process will be applied to users who log in for the first time.

Poor, weak passwords have the following characteristics:

1. The password contains fewer than eight characters.

2. The password is a word found in a dictionary (English or foreign).

3. The password is a common usage word such as:

a. Name of family, pets, friends, co-workers, fantasy characters, etc.

b. Computer terms and names, commands, sites, companies, hardware, software.

c. Birthdays and other personal information such as addresses and phone numbers.

d. Word or number patterns like aaabbb, 111222, zyxwvts, 4654321, etc.

e. Any of the above spelled backward like fesuoy, damha, etc.

f. Any of the above preceded or followed by a digit (e.g., secret1, 1secret).

Strong Password Construction Guidelines:

1. Are at least eight alphanumeric characters long

2. Passwords do not contain user ID

3. Contain no more than two identical characters in a row and are not made up of all numeric or alpha characters

4. Contain at least three of the five following character classes:

a. Lower case characters

b. Upper case characters

c. Numbers

d. “Special” characters (e.g. @#$%^&*()_+|~-=\`{}[]:";'<>/ etc)

e. Contain at least eight alphanumeric characters.
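The construction rules and weak-password characteristics above can be enforced at password-set time. The following check is an added example, not part of the policy document; the function name `policy_violations` and the small wordlist are hypothetical. It assumes the user-ID comparison is case-insensitive, that "special" means any non-alphanumeric character, and that the four distinct classes a to d are the ones counted, since item e repeats the length rule.

```python
import re

# Constructed sample wordlist; a real deployment would load a full dictionary.
SAMPLE_WORDS = {"secret", "password", "welcome", "dragon"}


def policy_violations(password, user_id, words=SAMPLE_WORDS):
    """Return the list of policy rules the candidate password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    # Assumption: the user ID is matched case-insensitively as a substring.
    if user_id and user_id.lower() in lowered:
        problems.append("contains the user ID")
    # Three or more of the same character in a row.
    if re.search(r"(.)\1\1", password):
        problems.append("more than two identical characters in a row")
    if password.isdigit() or password.isalpha():
        problems.append("all numeric or all alphabetic")
    # Classes a-d from the policy: lower, upper, numbers, special.
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(classes) < 3:
        problems.append("fewer than three character classes")
    # Weak-password characteristics: a dictionary word, the word spelled
    # backward, or either form preceded or followed by a single digit.
    core = re.sub(r"^\d|\d$", "", lowered)
    if any(w in words for w in (lowered, lowered[::-1], core, core[::-1])):
        problems.append("dictionary word, reversed word, or word plus a digit")
    return problems
```

An empty list means the candidate satisfies every rule encoded here; the password-history and 90-day expiry rules need stored state and are outside this check.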

Responsibilities of the User Statements

Users are responsible for assisting in the protection of the network and computer systems they use. The integrity and secrecy of an individual's password is a key element of that responsibility. Everyone has the responsibility for creating and securing an acceptable password per this policy. Failure to conform to these restrictions may lead to the suspension of rights to Company systems or other action as provided by Company Policy.

Policy Violation

Anyone who violates this policy will be subject to any or all of the following actions:

1. Suspension of the company internet account/access.

2. The referral of the case to the company Legal Department along with supporting evidence for an appropriate action.

Conclusion

By enforcing the acceptable use policy, we aim to achieve the following outcomes:

1. Better informed university community regarding acceptable and unacceptable use of Gensec Systems resources.

2. Responsible Gensec Systems community regarding the value and use of Gensec Systems resources.

Appendix

The following terms are used in this document:

Access - Connection of Company, personal or third party owned devices to anna star Infrastructure facilities via a direct or indirect connection method.

Authorized User - An individual who has been granted access to anna star services.

Expiration - Date at which password for access to company systems is required to be changed meeting strong password standards.

Information Resources - Assets and infrastructure owned by, explicitly controlled by, or in the custody of the company including but not limited to data, records, electronic services, network services, software, computers, and Information systems.

References

1. Acceptable Use Policy

