This is the current Scomis Password Policy (which has been based on the Devon County Council Password Policy) which is applied to the Scomis Managed Services. We also recommend that schools adopt this policy for their own school networks.
Scomis Password Policy:
- Minimum Password Length = 8, i.e. Your password will need to be at least 8 characters long
- Password Complexity = Enabled, i.e Your password will need to contain 3of the following:
- Uppercase Letters [A-Z]
- Lowercase letters [a-z]
- Numbers [0-9]
- Special Characters for example [(£%&*@?)]
- The password does not contain three or more characters from the user’s account name.
- If the account name is less than three characters long, this check is not performed because the rate at which passwords would be rejected is too high. When checking against the user’s full name, several characters are treated as delimiters that separate the name into individual tokens: commas, periods, dashes/hyphens, underscores, spaces, pound-signs and tabs. For each token that is three or more characters long, that token is searched for in the password; if it is present the password change is rejected. For example, the name “Erin M. Hagens” would be split into three tokens: “Erin,” “M,” and “Hagens.” Because the second token is only one character long, it would be ignored. Therefore, this user could not have a password that included either “erin” or “hagens” as a substring anywhere in the password. All of these checks are case insensitive.
- Maximum Password Age = 42 days, i.e You will need to change your password every 42 days
- Minimum Password Age = 2 days, i.e. You cannot change your password more than once in a two day period
- Password History = 24, i.e. You cannot re-use any of your previous 24 passwords
Microsoft article on applying a strong password policy.