Password Security Policy
Create a Strong Password
The foundation of password security is creating a strong password. Here are the key attributes that define a strong and secure password:
At least 12 characters long, but 14 or more characters will be even stronger.
Utilize a combination of numbers, symbols, uppercase, and lowercase letters.
Must be different from the passwords you have used before.
Should be simple for you to remember but difficult for others to infer. Here is a great example from Microsoft: "6MonkeysRLooking^".
Our Password Standards
Passwords cannot be the same as the login username.
Passwords cannot contain the user’s name and surname.
Passwords cannot be visible on the screen.
The password length must be at least 12 characters and it should be created to include at least three of the following: lowercase letters, uppercase letters, numbers, and symbols.
The last five used passwords cannot be reused. The minimum password age is configured as one day (24 hours) so that users cannot change passwords repeatedly in quick succession to get past this control.
The use of spaces is not allowed in passwords.
Consecutive letters or numbers cannot be used in a password. (Example: 123, abc, dcba, 4321)
Generic, shared, public, and group passwords will not be given.
The user must change the password after the first use.
The account will be locked for 5 minutes if an incorrect password is entered 10 times within a 20-minute period.
Passwords are stored in the database after being encrypted.
Password examples are as follows:
Correct Password Examples: AnTkk?27!6973, IsTaRRTkd&34Jk
Incorrect Password Examples: canakkale, 1234567890
Weak Password Examples: Istanbul12345, Ankara06
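An added example, not part of the original policy: a Python check of the standards above that can be verified from the password string itself (username and name rules, length, character classes, spaces, consecutive characters). The sample user in the test, treating three adjacent characters as a "consecutive" run, and treating the first name or the surname alone as a match are assumptions.

```python
import string

MIN_LENGTH = 12   # from the standard
MIN_CLASSES = 3   # at least three of the four character classes
SEQ_LEN = 3       # assumption: a run of three counts, as in "123" or "abc"


def has_sequence(password, run=SEQ_LEN):
    """True if `run` adjacent characters ascend or descend by one (abc, 4321)."""
    chars = password.lower()
    for i in range(len(chars) - run + 1):
        window = chars[i:i + run]
        # A run must stay entirely within letters or entirely within digits.
        if not (window.isalpha() or window.isdigit()):
            continue
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(password, username, first_name, surname):
    """Return the list of violated rules; an empty list means compliant."""
    problems = []
    lowered = password.lower()
    if lowered == username.lower():
        problems.append("same as username")
    # Assumption: either the first name or the surname alone is a violation.
    if any(p and p.lower() in lowered for p in (first_name, surname)):
        problems.append("contains name or surname")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < MIN_CLASSES:
        problems.append("fewer than three character classes")
    if any(c.isspace() for c in password):
        problems.append("contains a space")
    if has_sequence(password):
        problems.append("contains consecutive letters or numbers")
    return problems
```

Run against the examples above, both "correct" passwords return an empty list, while "Istanbul12345" is rejected only for its "12345" run and "Ankara06" only for its length.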
Secure Your Passwords
After you’ve created a secure password, adhere to these instructions to ensure its security:
Don’t share your password with anyone, including a friend or family member.
Never send your passwords via e-mail, instant message, or any other unsafe communication tool.
Use a unique password for each website. If malicious actors steal your account information on one site, they will try to use those credentials on hundreds of well-known websites, such as banking, social media, or online shopping, hoping that you reuse the password elsewhere.
If you don’t want to memorize multiple passwords, consider using a password manager. Password management tools automatically update stored passwords, maintain encryption, and mandate multi-factor authentication for access.
Writing down your password is acceptable as long as you keep it secure. However, refrain from writing it on sticky notes or cards placed near the items the password protects, even if you believe you've concealed them effectively.
Immediately change the passwords of accounts you suspect may have been compromised.
Activate multifactor authentication (MFA) whenever available. MFA mandates the use of multiple credentials for accessing an account, such as requiring both a password and a one-time code generated by an application. This adds an additional security layer, particularly in situations where your password is guessed or stolen.