General Password Guidelines:
• Passwords should have at least 6 characters.
• Passwords should not contain: (i) words in any language, slang, dialect, jargon, etc., even if they are separated by numbers or special characters (e.g., be87gin); (ii) repeated characters or a sequence of keyboard letters (e.g., qwerty, 12345, or yyy99); and/or (iii) any part of your name, username, birthday, or social security number, or those of your friends and family.
• Passwords must not be shared with others under any circumstances.
• Passwords, if they need to be written down or stored on-line, must be stored in a secure place separate from the application or system that is being protected by the password (e.g., no sticky-notes posted on the computer).
• Do not respond to email or phone requests to reveal username and password information.
• Do not use the “remember password” feature of applications unless the system or application has the means to encrypt the remembered password.
• Do not use Company passwords for non-Company sites, such as Gmail or Facebook.
• Set browser defaults to clear password information each time the user exits the browser.
• Do not choose reset questions that may be easy for others to guess (e.g., Q: Name your favorite team: A: Red Sox).