Passwords best practice


Section 4.11.2.3 of the Department's ICT Security Policy states that "A formal process shall be established to manage and control the allocation of passwords".

Additionally, the Best Practice – Password Management guidelines state:
  • Passwords must be changed regularly.
  • We recommend you set up your secret questions and answers before you change your password. This will be helpful if you forget your new password.
  • Passwords must be ‘Complex 7’, i.e. they must:
    • contain at least seven characters and a maximum of 32 characters
    • contain at least one character from at least three of the following sets:
      • uppercase letter (A-Z)
      • lowercase letter (a-z)
      • numeral (0-9)
      • special character such as ()~`#$*&@^
  • Your password must be different from your last eight passwords, and you can’t just change a number on the end (such as Work2Live1, Work2Live2, Work2Live3, etc.)
  • Your password must be changed 3 times per year
  • Passwords must be kept secure and confidential
  • If you are logged on but have been inactive for more than 10 minutes your computer is automatically locked. You will need to log in again
  • Users must terminate active connections when access is no longer required
  • You must lock your screen when you leave your computer
  • You are accountable for any use or access to Departmental systems with your UserID
  • You must not store your passwords on or near your computer and you should only keep a paper record of your password if it can be stored securely
  • You must not use anyone else’s UserID or password
  • Don't use family or pet names or dictionary words in your password
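
The ‘Complex 7’ and password-history rules above can be enforced at password-change time. The following is an added example, not the Department's own implementation: the function names, the use of `string.punctuation` as the special-character set, the PBKDF2 work factor and the choice to store a second hash of the password with its trailing digits removed (so that Work2Live1 to Work2Live2 is caught without keeping old passwords in clear text) are all assumptions.

```python
import hashlib, hmac, os, string

MIN_LEN, MAX_LEN, HISTORY = 7, 32, 8   # values taken from the guideline
ITERATIONS = 100_000                   # assumed PBKDF2 work factor (sample value)
# The four character sets; string.punctuation is an assumed "special" set.
SETS = (string.ascii_uppercase, string.ascii_lowercase,
        string.digits, string.punctuation)

def char_classes(pw):
    """Number of the four sets that have at least one character in pw."""
    return sum(any(c in s for c in pw) for s in SETS)

def stem(pw):
    """Password with trailing digits removed, e.g. Work2Live3 -> Work2Live."""
    return pw.rstrip(string.digits)

def _kdf(text, salt):
    return hashlib.pbkdf2_hmac("sha256", text.encode(), salt, ITERATIONS)

def make_record(pw):
    """History entry: random salt, hash of the password, hash of its stem."""
    salt = os.urandom(16)
    return salt, _kdf(pw, salt), _kdf(stem(pw), salt)

def check_password(new, history):
    """Return the list of rules broken by `new` (empty list = accepted).

    `history` is a list of make_record() entries, oldest first; only the
    last eight are compared, as the guideline requires.
    """
    problems = []
    if not MIN_LEN <= len(new) <= MAX_LEN:
        problems.append("length")
    if char_classes(new) < 3:
        problems.append("classes")
    for salt, full_hash, stem_hash in history[-HISTORY:]:
        if hmac.compare_digest(_kdf(new, salt), full_hash):
            problems.append("reused")
            break
        if hmac.compare_digest(_kdf(stem(new), salt), stem_hash):
            problems.append("number-only change")
            break
    return problems
```
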
Warning - This portal is provided for DEECD personnel only.
Any attempted misuse of this portal will be severely dealt with under the full extent of the law.