Scomis Password Policy

This is the current Scomis Password Policy (which has been based on the Devon County Council Password Policy) which is applied to the Scomis Managed Services.  We also recommend that schools adopt this policy for their own school networks.

Scomis Password Policy:

  • Minimum Password Length = 8, i.e. Your password will need to be at least 8 characters long
  • Password Complexity = Enabled, i.e Your password will need to contain 3of the following:
    • Uppercase Letters [A-Z]
    • Lowercase letters [a-z]
    • Numbers [0-9]
    • Special Characters for example [(£%&*@?)]
    • The password does not contain three or more characters from the user’s account name.
      • If the account name is less than three characters long, this check is not performed because the rate at which passwords would be rejected is too high. When checking against the user’s full name, several characters are treated as delimiters that separate the name into individual tokens: commas, periods, dashes/hyphens, underscores, spaces, pound-signs and tabs. For each token that is three or more characters long, that token is searched for in the password; if it is present the password change is rejected. For example, the name “Erin M. Hagens” would be split into three tokens: “Erin,” “M,” and “Hagens.” Because the second token is only one character long, it would be ignored. Therefore, this user could not have a password that included either “erin” or “hagens” as a substring anywhere in the password. All of these checks are case insensitive.

Related:

Microsoft article on applying a strong password policy.

 

Reviewed 25/08/2015

Posted in Encryption, General, Hosted Apps, Networking, Services, SIMS Learning Gateway, Technical and tagged , , , , , , , , , .