410
Networking: A Beginner's Guide
(3) The system will force a password change once per year automatically.
Users may change their passwords more frequently if required or
desired.
(4) The system maintains a password history and will not allow users
to use the same password for five changes.
(5)
The
system maintains an "account lockout policy" which will lock
any account after eight invalid attempts within any 30-minute period.
The account can be unlocked only by an IT system administrator.
(6) Special logins and passwords are set for certain computers in the
building. These logins are restricted to be usable only from those
computers, and are used for specific purposes (such as using a
computer connected to a laboratory instrument, or using one of the
presentation computers). These accounts are further secured with
limited access to the network. These accounts are not subject to the
normal password policy settings, but instead use a password assigned
by the IT department, and those passwords are known to a number of
employees and are not required to be changed.
ii) For the accounting system:
(1) Accounting system accounts are secured with an accounting
system-specific username and password.
(2) The accounting system will force a password change every 90 days
on all of its accounts. Users will be instructed to choose nonobvious
passwords, although the accounting system has no facility to ensure
the length or complexity of passwords.
b)
User
responsibilities:
i) All users must not share their passwords or security codes with anyone,
including with administrators of the system and their management.
ii) All users will make reasonable efforts to conceal their passwords or
security codes.
iii)
All users will not ask others for the use of their password or security code.
iv) If users lose or forget their password, the administrator will assign a new,
temporary password for them, and will set their account so that they are
prompted to select a new private password at their first login.
v) Each user is responsible for logging off, shutting down or locking his or
her computer at the end of each business day.
c) When a user leaves the company:
i) Human Resources and the appropriate supervisor will complete the
Employee Departure form, indicating date of departure and any special
considerations as specified in the form.