Updated on 2024-09-25 GMT+08:00
How Do I Set a Secure Password?
Comply with the following rules:
- Use a password with high complexity.
  The password must meet the following requirements:
  - Contains at least eight characters.
  - Contains at least three of the following types of characters:
    - Uppercase letters (A-Z)
    - Lowercase letters (a-z)
    - Digits (0-9)
    - Special characters
  - The password cannot be the username or the username in reverse order.
- Do not use common weak passwords that are easy to crack, including:
  - Birthday, name, ID card, mobile number, email address, user ID, time, or date
  - Consecutive digits and letters, adjacent keyboard characters, or passwords in rainbow tables
  - Phrases
  - Common words, such as company names, admin, and root
- Do not use empty or default passwords.
- Do not reuse any of your last five passwords.
- Use different passwords for different websites and accounts.
- Do not use the same pair of username and password for multiple systems.
- Change your password at least once every 90 days.
- If an account has an initial password, force the user to change the password upon first login or within a limited period of time.
- You are advised to set a locking policy for all accounts. If an account has more than five consecutive login failures, the account will be locked, and will be automatically unlocked after 30 minutes.
- You are advised to set a logout policy. Accounts that have been inactive for more than 10 minutes will be automatically logged out or locked.
- You are advised to force users to change the initial passwords of their accounts upon their first login.
- You are advised to retain account login logs for at least 180 days. The logs cannot contain user passwords.
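The complexity and weak-password rules above can be enforced at password-set time with a validator like the following. This is an added example, not code from the original page or the product it documents. The small denylist, the four-character run threshold, the case-insensitive username comparison, and the use of ASCII punctuation as "special characters" are assumptions.

```python
import string

# Constructed sample denylist; a real deployment would load a maintained list.
COMMON_WORDS = {"admin", "root", "password"}
# Sequences used to spot consecutive digits/letters and adjacent keyboard keys.
SEQUENCES = ["0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
RUN_LEN = 4  # assumed threshold: a run this long counts as weak


def char_classes(pw):
    """Count how many of the four character types appear in pw."""
    return sum([
        any(c in string.ascii_uppercase for c in pw),
        any(c in string.ascii_lowercase for c in pw),
        any(c in string.digits for c in pw),
        any(c in string.punctuation for c in pw),
    ])


def has_run(pw):
    """True if pw contains a RUN_LEN slice of any sequence, forward or reversed."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - RUN_LEN + 1):
                if s[i:i + RUN_LEN] in low:
                    return True
    return False


def check_password(pw, username):
    """Return the list of violated rules; an empty list means pw passes."""
    problems = []
    if len(pw) < 8:
        problems.append("too_short")
    if char_classes(pw) < 3:
        problems.append("too_few_char_types")
    user = username.lower()
    if user and pw.lower() in (user, user[::-1]):
        problems.append("matches_username")
    if any(word in pw.lower() for word in COMMON_WORDS):
        problems.append("common_word")
    if has_run(pw):
        problems.append("sequence")
    return problems
```
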