Password policy

Date approved: 9 Jun 2026

Approved by: Martin Remmelgas

Password Requirements

• Minimum Length = 12 characters
• Special Characters = No
• Password Reuse = No
• Password expiration = No
• Multi-factor authentication (MFA) = Yes, whenever possible

To make a secure password you can remember, consider using a combination of 5 or more random words. Security questions like “What is your favorite color? What is your mother’s maiden name?”, etc should be answered with a random non-obvious word or set of words. You can generate answers in 1Password and store them as a note. This helps ensure the answer isn’t easily guessable and will be unique across different sites.

Password Management

• Passwords are to be kept private and secured.
• Passwords must be stored in 1Password or another approved password manager application and may be pasted from this using a master password function.
• Individual account passwords are not to be shared.
• Passwords are not to be stored in clear text or be written down.
• Password “hints” are not to be used. If a password is forgotten, a mechanism must be in place to replace a password/passphrase with sufficient controls to verify the identity of the requester of the password reset.
• If an account or password is suspected to have been compromised, immediately report the incident to your Team Lead and promptly follow instructions.