Standards Group:
YALE-MSS-9: Authentication and Authorization
YALE-MSS-9.2: Utilize secure passwords for authentication
Low Risk Endpoint: Required
Moderate Risk Endpoint: Required
High Risk Endpoint: Required
Low Risk Server: Required
Moderate Risk Server: Required
High Risk Server: Required
Low Risk Mobile Device: Not Required
Moderate Risk Mobile Device: Required
High Risk Mobile Device: Required
Low Risk Network Printer: Required
Moderate Risk Network Printer: Required
High Risk Network Printer: Required
Details
A password, a secret phrase or string of characters, is an important line of defense to protect accounts, data, and your identity.
This standard applies to all user accounts, administrative accounts, service accounts, and API keys.
For a strong password:
- Create passwords that contain 15 or more characters
- Use a passphrase where possible. A passphrase is a string of words with spaces, for example:
  - My motto is lux et veritas
  - I have the biggest dog on my street
- Do not use the same password for different accounts
If a device forces the use of a PIN, the PIN must be at least four characters long and not use repetitive or sequential patterns (e.g., 1111, aaaa, or 1234).
For API keys, rotate the password every 90 days.
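The measurable rules above (15-character minimum, PIN pattern restrictions, 90-day API key rotation) can be checked mechanically. The following is an added example, not part of the standard or any Yale tooling; the function names are hypothetical, and treating descending runs (4321) and repeated blocks (1212) as forbidden patterns is an assumed, stricter reading of "repetitive or sequential".

```python
from datetime import date, timedelta

MIN_PASSWORD_LEN = 15                    # "15 or more characters"
MIN_PIN_LEN = 4                          # "at least four characters long"
API_KEY_MAX_AGE = timedelta(days=90)     # "rotate ... every 90 days"

def is_repetitive(pin: str) -> bool:
    """True if the PIN is a shorter unit repeated: 1111, aaaa, 1212 (assumed)."""
    # A string built from a repeated unit reappears inside its own doubling
    # once the first and last characters are trimmed off.
    return len(pin) > 1 and pin in (pin + pin)[1:-1]

def is_sequential(pin: str) -> bool:
    """True if each character is exactly one above (or below) the previous."""
    steps = {ord(b) - ord(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})          # 1234, abcd, or (assumed) 4321

def check_pin(pin: str) -> list[str]:
    """Return the list of rule violations for a device PIN (empty = OK)."""
    p = pin.lower()                      # treat ABCD the same as abcd
    problems = []
    if len(p) < MIN_PIN_LEN:
        problems.append("too short")
    if is_repetitive(p):
        problems.append("repetitive")
    if is_sequential(p):
        problems.append("sequential")
    return problems

def check_password(password: str) -> list[str]:
    """Length is the only password rule here that can be checked locally."""
    return [] if len(password) >= MIN_PASSWORD_LEN else ["too short"]

def api_key_overdue(last_rotated: date, today: date) -> bool:
    """True once more than 90 days have passed since the last rotation."""
    return today - last_rotated > API_KEY_MAX_AGE

if __name__ == "__main__":
    # Constructed sample inputs; the passphrase is the standard's own example.
    for pin in ("1111", "aaaa", "1234", "4321", "1212", "2580", "123"):
        print(f"PIN {pin!r}: {check_pin(pin) or 'ok'}")
    print(check_password("My motto is lux et veritas") or "ok")
    print(api_key_overdue(date(2024, 1, 1), date(2024, 4, 1)))
```

Password reuse across accounts is not checked here, because doing so would require comparing secrets held by different systems.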
Additional information can be found at the link below.