Electronic Devices and Passwords Policy
(continued...)
Passwords
Employees at Handcrafted Projects must access a variety of IT resources, including computers and other hardware devices, data storage systems, and other accounts. Passwords are an important part of our strategy to make sure only authorized people can access those resources and data.
An individual who has access to any of those resources is responsible for choosing strong passwords and protecting his or her login information from unauthorized use.
The purpose of this policy is to make sure all Handcrafted Projects' resources and data receive adequate password protection. It covers all employees who are responsible for one or more accounts or have access to any resource that requires a password.
Password creation
Passwords should be reasonably complex and difficult for unauthorised people to guess.
Passwords should be at least twelve characters long and contain a combination of upper- and lower-case letters, and numbers.
Employees should use common sense when choosing passwords and avoid combinations that are easy to crack: common words and phrases, and their predictable variants, such as “password”, “1password” and “Pa$$w0rd”. Substituting digits or symbols for letters does not make a common word safe, because password-cracking tools try those substitutions automatically. Further guidance on avoiding common passwords is available in the Further Resources section at the end of the policy.
It is recommended that employees use methods to create strong passwords such as:
- Pick a phrase, take its initials, replace some of those letters with numbers and other characters, and mix up the capitalisation. For example, the phrase “This may be one way to remember” can become “TmB0WTr!”. Note that this result is only eight characters, so the starting phrase must be long enough for the result to meet the twelve-character minimum above.
- Combine three random words and a number (e.g. ‘HeartTorchBrick538’).
Employees must choose unique passwords for all Handcrafted accounts and may not use a password that they are already using for a personal account.
Default passwords — such as those created for new employees when they start or those that protect new systems when they’re initially set up — must be changed as quickly as possible.
These requirements will be enforced with software where possible.
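As an added illustration of how the creation rules above could be enforced in software (this is example code, not a tool used by Handcrafted Projects), the following Python script checks a candidate password against the minimum length, the required character classes, and a deny list of common passwords, normalising away the predictable substitutions (“1password”, “Pa$$w0rd”) that cracking tools try automatically. It also generates a password using the three-random-words method. The deny list and word list are constructed for the example and are assumptions; a real deployment would load a published list of common or breached passwords.

```python
"""Password-policy checks matching the creation rules in the policy above.

Example code only: the deny list and word list below are constructed for
illustration, not taken from the charity or from a published source.
"""
import re
import secrets

MIN_LENGTH = 12

# Constructed deny list (assumption). Replace with a published common/breached
# password list in a real deployment.
COMMON_PASSWORDS = {
    "password", "letmein", "welcome", "qwerty", "iloveyou", "monkey", "dragon",
}

# Substitutions that cracking tools apply automatically, so "Pa$$w0rd" must be
# judged exactly as "password" is.
LEET_MAP = str.maketrans({
    "$": "s", "5": "s", "0": "o", "1": "i", "!": "i", "|": "l",
    "3": "e", "4": "a", "@": "a", "7": "t", "+": "t",
})

# Constructed word list (assumption) for the three-random-words method.
WORD_LIST = [
    "heart", "torch", "brick", "river", "cloud", "maple", "candle",
    "pebble", "anchor", "violet", "summer", "lantern",
]


def normalise(password: str) -> str:
    """Reduce a password to the dictionary word it is probably built from.

    Leading/trailing digits and symbols are stripped first ("1password" ->
    "password"), then leet-style substitutions are undone ("Pa$$w0rd" ->
    "password"). This is a heuristic aimed at the predictable variants the
    policy warns about; it does not catch every weak password.
    """
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    return core.lower().translate(LEET_MAP)


def check_password(password: str) -> list[str]:
    """Return the policy rules the password breaks (an empty list means compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if normalise(password) in COMMON_PASSWORDS:
        problems.append("common password or a predictable variant of one")
    return problems


def three_random_words(words: list[str] = WORD_LIST, count: int = 3) -> str:
    """Build a password the way the policy's second method describes:
    three distinct random words, capitalised, followed by a number.

    secrets.SystemRandom is used rather than the random module because the
    choice must be unpredictable to an attacker. Every word in WORD_LIST has
    at least four letters, so three words plus a number always reaches
    MIN_LENGTH and contains upper-case, lower-case and a digit.
    """
    rng = secrets.SystemRandom()
    chosen = [w.capitalize() for w in rng.sample(words, count)]
    return "".join(chosen) + str(secrets.randbelow(1000))


if __name__ == "__main__":
    candidates = ["Pa$$w0rd", "1password", "TmB0WTr!", "HeartTorchBrick538",
                  three_random_words()]
    for candidate in candidates:
        verdict = check_password(candidate)
        print(f"{candidate!r}: {'OK' if not verdict else ', '.join(verdict)}")
```

Running the script shows “Pa$$w0rd” and “1password” rejected as variants of a common password, the policy's own “TmB0WTr!” rejected only for being too short, and “HeartTorchBrick538” accepted. The normalisation step is the part worth copying: a length-and-character-class check on its own would pass “Pa$$w0rd1234”.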
Protecting passwords
Employees may never share their passwords with anyone else in the charity, including co-workers, managers or administrative assistants. Everyone who needs access to a system must create his or her own unique password.
Employees may never share their passwords with any outside parties, including those claiming to be representatives of an organisation with a legitimate need to access a system.
Employees should take steps to avoid phishing scams and other attempts by attackers to steal passwords and other sensitive information, and should never enter a password on a page reached through a link in an unexpected email or message. All employees will receive guidance on how to recognise these attacks.
Employees must refrain from writing passwords down and keeping them at their workstations. See above for advice on creating memorable but secure passwords.
Shared accounts should be avoided where possible. If a shared email account is needed, this should be set up by the Support Systems Officer using Gmail’s delegated access function, so that each person reads and sends from the mailbox while signed in with his or her own account and the mailbox owner’s login credentials are never shared.
If the security of a password is in doubt – for example, if it appears that an unauthorised person has logged in to the account – the password must be changed immediately