Passwords best practice

Section of the Department's ICT Security Policy states that "A formal process shall be established to manage and control the allocation of passwords".

Additionally, the Best Practice – Password Management guidelines state:
  • Passwords must be changed regularly.
  • We recommend you set up your secret questions and answers before you change your password. This will be helpful if you forget your new password.
  • Passwords must be ‘Complex 7’, i.e. they must:
    • contain at least seven characters and a maximum of 32 characters
    • contain at least one character from at least three of the following sets:
      • uppercase letter (A-Z)
      • lowercase letter (a-z)
      • numeral (0-9)
      • special character such as ()~`#$*&@^
  • Your password must be different from your last eight passwords, and you can’t just change a number on the end (such as Work2Live1, Work2Live2, Work2Live3, etc.)
  • Your password must be changed 3 times per year
  • Passwords must be kept secure and confidential
  • If you are logged on but have been inactive for more than 10 minutes your computer is automatically locked. You will need to log in again
  • Users must terminate active connections when access is no longer required
  • You must lock your screen when you leave your computer
  • You are accountable for any use or access to Departmental systems with your UserID
  • You must not store your passwords on or near your computer and you should only keep a paper record of your password if it can be stored securely
  • You must not use anyone else’s UserID or password
  • Don't use family or pet names or dictionary words in your password
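
The ‘Complex 7’ and last-eight-passwords rules above, written as a checker. This is an added example, not code from the Department or its portal: the function names are hypothetical, password history is assumed to be stored as salted PBKDF2 records, and any ASCII punctuation is assumed to count as a special character.

```python
import hashlib, hmac, os, re, string

SPECIALS = set(string.punctuation)  # assumption: the policy's "such as" list means any ASCII punctuation
ITERATIONS = 1_000                  # demo value so the example runs quickly; not a production setting

def classes_used(pw):
    """Count how many of the four policy character sets appear in pw."""
    return sum([any(c in string.ascii_uppercase for c in pw),
                any(c in string.ascii_lowercase for c in pw),
                any(c in string.digits for c in pw),
                any(c in SPECIALS for c in pw)])

def hash_record(pw, salt=None):
    """Salted PBKDF2 record (salt, digest) for one password-history entry."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)

def in_history(pw, history):
    """True if pw matches any stored record (re-hashed with that record's salt)."""
    return any(hmac.compare_digest(hash_record(pw, s)[1], d) for s, d in history)

def check_complex7(new_pw, history):
    """Return a list of rule violations; an empty list means the password is accepted."""
    problems = []
    if not 7 <= len(new_pw) <= 32:
        problems.append("length must be 7 to 32 characters")
    if classes_used(new_pw) < 3:
        problems.append("needs characters from at least three sets")
    recent = history[-8:]  # only the last eight passwords count
    if in_history(new_pw, recent):
        problems.append("matches one of the last eight passwords")
    else:
        # History holds only hashes, so test variants of the new password:
        # the same stem with no trailing number or with 0-99 on the end.
        stem = re.sub(r"\d+$", "", new_pw)
        variants = [stem] + [stem + str(n) for n in range(100)]
        if any(in_history(v, recent) for v in variants):
            problems.append("only the number on the end changed")
    return problems

# Constructed sample history, oldest first
HISTORY = [hash_record(p) for p in ("Work2Live1", "Work2Live2", "Blue#Kettle9")]
```

The trailing-number check here covers only suffixes 0 to 99 without leading zeros; a wider range costs proportionally more hash computations per password change.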
Warning - This portal is provided for DEECD personnel only.
Any attempted misuse of this portal will be severely dealt with under the full extent of the law.