Michigan CyberSecurity - Password Security

Michigan.gov Home	Cyber Security Home \| Contact Us


>	Security at Work for State of Michigan Employees

>	SOM Acceptable Use Policy

>	Staying Secure

Printer Friendly Text Only Version

Password Security

Passwords

Passwords should contain a minimum of 8 alphanumeric characters (a mix of upper and lower case) including at least one special character or number, whenever possible.
Passwords should not be displayed or shared with anybody.
Use a password that can be typed quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by looking at your keyboard (also known as "shoulder surfing").
Change passwords regularly. Passwords should be changed at least every 60 days or when compromise is suspected.
The more critical or sensitive the information (administrator, medical information, personnel information, etc.), the more frequently the password should be changed. A changed password stops someone who has already compromised an account from continued access .
Do not use shared accounts. Accountability for group access is extremely difficult.
Do not use a password from information easily obtained about you. For example: pet names, license plate numbers, telephone numbers, identification numbers, the brand of your automobile, your street name, etc. Such passwords are very easily guessed by someone who knows you.
System default and initial passwords should be changed immediately upon receipt.


	Related Content
•	NIST Guidelines on Cell Phone and PDA Security (Draft)
•	NASCIO:At Risk! Securing Government in a Digital World (Video)
•	Protecting State of Michigan Sensitive Information (Video)
•	NIST's Information Security Handbook: A Guide for Managers
•	Confidential Information
•	Workstation Security
•	Physical Security
•	Common Threats and Viruses
•	Mobile Worker Challenges
•	Internet and Dial-up Access at Work
•	Understanding Security at Work
•	Employee Responsibilities