Picking a Good Password is an important aspect of computer security. A poorly chosen password may result in unauthorized access and/or exploitation of systems and resources. All users, including clients, contractors and vendors with access to Welgo systems, are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.

When Picking a Good Password, try to create passwords that are both secure and can be easily remembered. One way to do this is create a password based on a saying, song title, affirmation, or other phrase.

For example: “This May be 1 Way 2Remember”

This password is long, uses Upper and Lower Case characters, Numbers and punctuation (spaces) and uses these in a non-natural or grammatically incorrect manor. It can be remembered easy and typed quickly and naturally making it harder for people to catch by looking over your shoulder and even if someone guessed it they would still need to know exactly how you have typed or modified it. You could also use a variant of this such as:

 

“THIS may be1 way2 REMEMBER”

“TmB1w2R3m3mb3r!”

“Tmb1W>r3meber~”

“This£May $e 111 Way 2 R3m3mb3r”

or some other weird and wonderful variation, the weirder the better!

(NOTE: Do not use either of these examples as passwords!)

 

Refresh Periods

 

All passwords should be changed on at least a quarterly basis.

When Picking a Good Password remember, Length beats complexity every time however the strongest passwords have the following characteristics:

Contain at least three of the five following character classes:

Lower case characters
Upper case characters
Numbers
Punctuation
“Special” characters (e.g. @#$%^&*()_+|~-=\`{}[]:”;'<>/ and space etc)
Contain at least twenty (20) alphanumeric characters.

 

Weak passwords or Passwords with the following characteristics are prohibited:

  • A password containing less than twenty (16) characters.
  • A password which contains a word found in a dictionary (English or foreign) unless it is a combination of at least 4 such words constructed in such a way so as to meet the minimum standards set out above.
  • The password is a common usage word such as:
  • Names of family, pets, friends, co-workers, fantasy characters, names of celebrities or other persons of note, sports team names or player’s names, etc.
  • Computer terms and names, commands, sites, companies, hardware, software.
  • The words “Ramsay Information Technology “, “Ramsay”, “Ramsay.it” or any derivation or derivation of and clients name.
  • Birthdays and other personal information such as addresses and phone numbers.
  • Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321,123456789 etc.
  • Any of the above spelled backwards.
  • Any of the above preceded or followed by a digit (e.g., secret1, 1secret).
  • Any dictionary word with numbers replacing characters in a predictable or formulaic manner such as “w00d”, “5p0rt” or “313ph4nt” etc.

Password Protection Standards:

  • Always use different passwords for each account / website and use different passwords from other non-Company accounts or personal accounts.
  • Passwords should never be written down or stored in on-line password managers.
  • Do not reveal a password in email, chat, or other electronic communication.
  • Do not speak about a password in front of others.
  • Do not hint at the format of a password (e.g., “my family name”).
  • Do not reveal a password on questionnaires or security forms.
  • Always decline the use of the “Remember Password” feature of applications such as web browsers.

 

If an account or password is compromised or you have any reason whatsoever to suspect it may have been compromised in anyway you must report the incident to your Managment team and to the Welgo IT Team.
Most importantly off all use Two Factor authentication where available and remember When Picking a Good Password, Length beats complexity every time.

 

It is also important to note that Google has never ever been hacked, however individual user accounts have been compromised multiple times by persuading users to reveil thier passwords. Google users are being targeted in this way because the Google System itself is secure.