Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Li, Qiao <qiaoli@huawei.com> Co-committed-by: Li, Qiao <qiaoli@huawei.com>
How Do I Set a Secure Password?
Comply with the following rules:

- Use a password with high complexity. The password must meet the following requirements:
  - Contains at least eight characters.
  - Contains at least three of the following character types:
    - Uppercase letters (A-Z)
    - Lowercase letters (a-z)
    - Digits (0-9)
    - Special characters
  - Cannot be the username or the username in reverse order.
- Do not use common weak passwords that are easy to crack, including:
  - Birthday, name, ID card number, mobile number, email address, user ID, time, or date
  - Consecutive digits or letters, adjacent keyboard characters, or passwords found in rainbow tables
  - Phrases
  - Common words, such as company names, admin, and root
- Do not use empty or default passwords.
- Do not reuse any of the last five passwords you used.
- Use different passwords for different websites and accounts.
- Do not use the same username and password pair for multiple systems.
- Change your password at least once every 90 days.
- If an account has an initial password, force the user to change it upon first login or within a limited period of time.
- You are advised to set a locking policy for all accounts: if the consecutive login failures of an account exceed five, the account is locked and automatically unlocked after 30 minutes.
- You are advised to set a logout policy: accounts that have been inactive for more than 10 minutes are automatically logged out or locked.
- You are advised to force users to change the initial passwords of their accounts upon their first login.
- You are advised to retain account login logs for at least 180 days. The logs must not contain user passwords.
Parent topic: Weak Passwords and Unsafe Accounts