Employees must not share their passwords with anyone else in the organization or outside, including co-workers, managers, administrative assistants, IT staff members, family members etc. Everyone who needs access to a system will be given their own unique access.
All passwords should be reasonably complex and difficult for unauthorized people to guess. They should be at least eight characters long and contain a combination of upper- and lower-case letters, numbers, and punctuation marks and other special characters. These requirements will be enforced with software when possible. In addition to meeting those requirements, employees should also use common sense when choosing passwords. Avoid basic combinations that are easy to crack (names of children, pets et c). Never use a password that you are already using for a personal account or for another service.
If the security of a password is in doubt– for example, if it appears that an unauthorized person has logged in to the account — the password must be changed immediately. You are also required to inform IT asap, so that we can check the account and make sure it is safe.