Information Technology Policies and Standards

Title
Passwords
Type
Standard
Related Policy
User ID Security
Category
Security
Status
Superseded
Approved
12/03/2009
To Be Reviewed
12/03/2011
Scope
Applies to user accounts on all City systems capable of setting user password complexity.
This replaces the "Novell NetWare Login Passwords" standard.
Standard
  • Passwords shall contain at least eight characters including a number or special character.
  • Passwords shall be set to expire in 90 days.
  • Passwords shall not be reused for three cycles or one year.
  • Accounts shall be locked after 5 unsuccessful attempts.
  • When possible, Active Directory is to be used for system authentication.
  • Its is recommended that passwords should not contain words that can easily be guessed like "password", your child's name, your dog's name, etc. and should not be written down in an accessible location.
Rationale
The City of Albuquerque's network and information systems provide the technical foundation for the conduct of its operational and administrative missions. It is essential that these systems and the data they process be operated and maintained in a secure environment. Account holders are held responsible for all activities associated with their accounts, and thus the strength and protection of passwords is critical to ensuring that unauthorized activity does not become associated with an account. The intent of this standard is to establish the minimum requirements for acceptable passwords and the processing requirements for information systems managing them.

Contact: Tom Obenauf, (505) 768-2994