Skip to content

Password Policy

1.0 Overview

All users that have access to the Vitae website must adhere to the password policies defined below in order to protect the security of the website, protect data integrity, and protect Vitae’s computer systems.

2.0 Scope

This policy applies to any and all users who have any form of website account requiring a password.

3.0 Password Protection

  • Never write passwords down.
  • Never send a password through email.
  • Never include a password in a non-encrypted stored document.
  • Never tell anyone your password.
  • Never reveal your password over the telephone.
  • Never hint at the format of your password.
  • Never reveal or hint at your password on a form on the internet.
  • Report any suspicion of your password being broken to Vitae’s IT team.
  • If anyone asks for your password, refer them to Vitae’s IT team.
  • Don’t use part of your login name in your password.
  • Don’t use parts of numbers easily remembered such as phone numbers, social security numbers, or street addresses.
  • Consider using a ‘three random words’ pass phrase as recommended by the National Cyber Security Centre on the web page linked to at the bottom of this page.
  • Be careful about letting someone see you type your password.

4.0 Password Requirements (subject to change)

  • Minimum Length – 8 characters.
  • Maximum Length – N/A.
  • Passwords are case sensitive (login ID is not case sensitive).
  • Passwords cannot contain certain symbols (“,%,&,?,<,>,/,\,+,=,-,+,*, :, .)

5.0 Choosing Passwords

Use password choosing tips as shown at:

https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0

https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/password-managers

https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/security/a-guide-to-data-security/passwords-in-online-services/