Password Policy

Introduction

anDREa is committed to protecting the security of its business information in the face of incidents and unwanted events and has implemented an Information Security Management System (ISMS) that is compliant with ISO/IEC 27001:2013, the international standard for information security.

The purpose of this document is to describe anDREa’s Password Policy.

This document will be updated at least annually and whenever a significant change occurs.

Password Policy

  1. Passwords are required to comply with:
    1. Microsoft recommendations for all Microsoft resources
    2. For all other resources, the recommendations on Wikipedia:
      1. Use a minimum password length of 10 or more characters if permitted.
      2. Include lowercase and uppercase alphabetic characters, numbers and symbols if permitted.
      3. Generate passwords randomly where feasible.
      4. Avoid using the same password twice (e.g., across multiple user accounts and/or software systems).
      5. Avoid character repetition, keyboard patterns, dictionary words, letter or number sequences.
      6. Avoid using information that is or might become publicly associated with the user or the account, such as username, ancestors' names or dates.
      7. Avoid using information that the user's colleagues and/or acquaintances might know to be associated with the user, such as relative or pet names, romantic links (current or past) and biographical information (e.g., ID numbers, ancestors' names or dates).
      8. Do not use passwords which consist wholly of any simple combination of the aforementioned weak components.
  2. Passwords are not subject to an expiration date.
  3. Password managers are allowed to be used.
  4. It is recommended to use services like https://haveibeenpwned.com/

