Password Selection and Security Guidelines
On the basis of risk analysis, the Security Policy lays down both procedures and roles in data protection. The quality of the Security Policy is assured in accordance with ISO/IEC 27002:2013.
The international standard encompasses a set of rules and techniques for information security management, including guidelines for the protection of information and information systems. The guidelines contained herein are taken from the above-mentioned information security standard.
- Passwords MUST always remain confidential.
- Passwords must NEVER be written down or shared with anyone (not with co-workers, superiors or technical staff).
- Passwords used in information systems of the University of Maribor MUST NOT BE USED in other information systems (e.g. online banking; other e-mail systems, such as Gmail; social networking sites, such as Facebook).
- Passwords must be changed on a regular basis (recommended password validity on servers: 1 year).
- The "remember password" feature in browsers must be disabled.
When changing passwords, please make sure that you have changed (saved) all passwords on all devices and in all systems (e.g. eduroam on mobile devices). Otherwise, access will be denied if you try to log in with your old password.
- The new password should not contain more than three of the same letters as the existing password.
- Passwords should be at least 8 characters long (a combination of at least one lowercase and one uppercase letter and at least one number (between 0 and 9) or symbol (e.g. $ or @)).
- Passwords should not contain a dictionary word, your username (or any part of it) or the name of your department.
If you believe that working with information systems of the University of Maribor in accordance with the above-mentioned guidelines is impossible, please inform your superior or the University's Computer Centre. Together we will find an appropriate solution.
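One way the composition rules above could be checked at password-change time, added here as an example and not code from the University of Maribor. Assumptions: the "three letters" rule is read as at most three characters in common with the existing password (counted with multiplicity, ignoring case), username parts are separator-delimited pieces of at least three characters, and `SAMPLE_WORDS` is a constructed stand-in for a real dictionary; all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "maribor", "welcome", "student", "summer"}

def shared_chars(new, old):
    """Characters common to both passwords, with multiplicity, ignoring case (assumed reading)."""
    return sum((Counter(new.lower()) & Counter(old.lower())).values())

def check_password(new, old, username, department, words=SAMPLE_WORDS, min_part=3):
    """Return the guideline violations for `new`; an empty list means it passes.

    `old` is the existing password, which the user supplies when changing it.
    """
    problems = []
    low = new.lower()
    if len(new) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in new):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in new):
        problems.append("no uppercase letter")
    has_digit = any(c.isdigit() for c in new)
    has_symbol = any(not c.isalnum() and not c.isspace() for c in new)
    if not (has_digit or has_symbol):
        problems.append("no number or symbol")
    if shared_chars(new, old) > 3:
        problems.append("more than three characters shared with the existing password")
    # Username parts: split on separators such as "." and keep pieces of
    # at least `min_part` characters (assumed threshold, to avoid flagging
    # one- or two-letter fragments).
    parts = [p for p in re.split(r"[\W_]+", username.lower()) if len(p) >= min_part]
    if any(p in low for p in parts):
        problems.append("contains username or part of it")
    if department and department.lower() in low:
        problems.append("contains department name")
    if any(w in low for w in words):
        problems.append("contains a dictionary word")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("Tr7#kqZw", "Summer2024", "novakXy9"):
        print(candidate, check_password(candidate, "Summer2023", "janez.novak", "Finance"))
```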