Help Center/ Host Security Service/ FAQs/ Baseline Inspection/ How Do I Set a Secure Password?
Updated on 2024-06-28 GMT+08:00
View PDF
Share

How Do I Set a Secure Password?

Comply with the following rules:
  • Use a password with high complexity.

    The password must meet the following requirements:

    1. Contains at least eight characters.
    2. Contain at least three types of the following characters:
      1. Uppercase letters (A-Z)
      2. Lowercase letters (a-z)
      3. Digital (0-9)
      4. Special characters
    3. The password cannot be the username or the username in reverse order.
  • Do not use common weak passwords that are easy to crack, including:
    • Birthday, name, ID card, mobile number, email address, user ID, time, or date
    • Consecutive digits and letters, adjacent keyboard characters, or passwords in rainbow tables
    • Phrases
    • Common words, such as company names, admin, and root
  • Do not use empty or default passwords.
  • Do not reuse the latest five passwords you used.
  • Use different passwords for different websites and accounts.
  • Do not use the same pair of username and password for multiple systems.
  • Change your password at least once every 90 days.
  • If an account has an initial password, force the user to change the password upon first login or within a limited period of time.
  • You are advised to set a locking policy for all accounts. If the consecutive login failures of an account exceed five times, the account will be locked, and will be automatically unlocked in 30 minutes.
  • You are advised to set a logout policy. Accounts that have been inactive for more than 10 minutes will be automatically logged out or locked.
  • You are advised to force users to change the initial passwords of their accounts upon their first login.
  • You are advised to retain account login logs for at least 180 days. The logs cannot contain user passwords.
Parent topic: Baseline Inspection