Update Password Guideline.md

Dennis Eichhorn 2022-07-25 11:10:56 +02:00 committed by GitHub
parent db793ca7fc
commit 9b382d019d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,6 +1,8 @@
# Password Guideline
# IT Security
## Format
## Password
### Format
Passwords protect confidential company data, as well as customer and supplier data. The length and the combination of different character types (i.e. lower case letters, upper case letters, numerics and special characters) can have a significant impact on the strength of a password. For this reason the IT department should configure the password settings if possible in such a way that the following format must be used:
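Review bot: The H1 rename from "Password Guideline" to "IT Security" leaves the document title out of step with the file name in the commit message ("Update Password Guideline.md"); either rename the file to match the broader scope or keep "Password Guideline" as the title and reserve "IT Security" for a parent document. Also, the retained paragraph still rests the strength argument on mixing character classes ("lower case letters, upper case letters, numerics and special characters"); current guidance such as NIST SP 800-63B favours length and screening against known-breached passwords over composition rules, so consider wording the rationale around length first and, where "the IT department should configure the password settings", adding a minimum length that is at least as prominent as the character-type requirements.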
@ -10,11 +12,11 @@ Passwords protect confidential company data, as well as customer and supplier da
* At least one special character
* At least one numerical character
## Change interval
### Change interval
Additionally, if it is possible to define a password change interval it should be set to once a year. This way passwords don't become stale and in case of a password leak get rotated out. Shorter password change intervals could lead to friction for the employees resulting in a security fatigue.
## Additional protection
### Additional protection
For direct server access ssh keys must be used instead of passwords. In addition, these ssh keys should be password protected according to the above mentioned format specifications. If possible second factor authentication should be enabled for direct server access. This second factor authentication should be bound to the owner of the ssh key (i.e. SMS authentication, app authentication, ...)
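Review bot: The "Change interval" paragraph's own rationale ("in case of a password leak get rotated out") argues for rotation triggered by evidence of compromise rather than a fixed annual interval, which is also the position of NIST SP 800-63B; suggest stating that passwords must be changed immediately when a leak is known or suspected, and that the yearly interval is a fallback only. In the "Additional protection" paragraph, "(i.e. SMS authentication, app authentication, ...)" should read "e.g." since these are examples, and SMS is the weakest option listed (interceptable and exposed to SIM-swap attacks), so the guideline should prefer an authenticator app or a hardware token and list SMS last or not at all. The paragraph also lacks a closing period.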