Information Security Password

Information Security Password: Keep It Safe!

Information Security Password: Keep It Safe! The UGA Password Policy specifies that the protection of information systems and infrastructure are compromised by bad password management or construction. One can minimize these risks by requirements for password creation and managing.


This paper outlines the appropriate requirements for creating and maintaining passwords.

Area of implementation

This standard extends to passwords for all computing accounts on all network infrastructure. For instance, universities and the owners of those accounts. As well as system managers and engineers managing or developing applications involving authentication passwords.

Building Password

Minimum Length of Password

The passwords must contain at least 10 characters with a combination of alphanumeric and basic characters. Further, the maximum number of characters permissible by this system is 10 passwords characters.

Composition of passwords

No well-known or widely posted identity details are useful for passwords. Since, Names, usernames like MyID and ID numbers like 81x or UGAID are all very typical examples of IDs that can not use as passwords.

Management of Passwords

Storage Password

Keep all Passwords and never written or registered along with details or user names of the respective account.

Unencoded programming programs like email do not recall passwords. They can use the program with protected password storage, but it must pay intense attention to securing access to this application.

Past of Password

The re-use of the last 5 previously used passwords is a big No for consumers.

Reuse of Login

We shall take respect to avoid compromising the protection of several programs or services by a single username/password. For any other non-UGA accounts and service, the username and password(s) used for your UGA accounts, never re-use any password.

Share and Transfer of Passwords

Unless a user obtains sufficient authorization to do so, credentials are not exchanged or shared with other users.

If it is necessary to disseminate written passwords, they must take adequate steps to avoid unauthorized access to the password. For starters, destroy the record after you have memorized the password.

When sending a password verbally to an appropriate user, take steps to discourage unauthorized persons from overhearing the password.

Transmission of electronics

Using unsecured means, passwords shall not be electronically shared via the Internet. Security protocols such as IMAPS, FTPS, HTTPS, etc. use these instead.

System Management Specifications

Apply Admin Codes

They do not set systems to allow user connection without a password. We shall give exceptions where these machines are designed to public user accounts and have highly limited (e.g. site only) permissions segregated from the administrative account(s) for specific devices such as public access kiosks.

Protect from Hacking Password

System operators shall harden their applications by implementing fair measures to minimize “brute power” password attacks to discourage password cracking. For example, after many unsuccessful login attempts, several systems lock an account for a few minutes, or detect where an attack is made and prevent further attempts from that spot, or a minimum warning in real-time that an attack is under way to allow manual actions.


To record successful and unsuccessful login attempts, realistic procedures shall be in effect.

Password update after disclosure or compromise 

The system administrators must reset user accounts passwords in a timely manner. Further, force users, to discontinue use of the password. Besides, it is a concern for improper use of computing accounts or services. They must reset their own passwords. These include: leakage of an unauthorized person’s password, and detection of an unauthorized person’s password. Similarly, system compromising (unauthorized access to a system or database); and unsecured password transmission. Further, it can be the removal of a user on the network by another individual having access to the same account.
Click to rate this post!
[Total: 0 Average: 0]

Leave a Comment

Your email address will not be published. Required fields are marked *