Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in the compromise of the County's entire network. As such, all County Users are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.
General
User passwords will expire every 120 days, a new password must then be selected. Cook County MIS has set up our workstation environment to force this change. You will receive messages reminding you to change your password a few days before it expires. (Also, the system will never allow you to repeat a password.) You can however, change your password anytime you want to.
Password should be of sufficient complexity so that they are not easily guessed. So, don’t use items such as your spouse, children or pet names. In general, phone numbers, addresses, names and other information that are tied to your personal identity make poor passwords.
General Password Construction Guidelines
County systems will require the use of strong passwords. Strong passwords have the following characteristics:
- Are at least twelve alphanumeric characters long
- Contain at least three of the four following characteristics:
- Lower case characters (a-z)
- Upper case characters (A-Z)
- Numbers
- Special characters and punctuation (!@#$%^&*()_+|~-=\`{}[]:";'<>?,./
Try to create passwords that can be easily remembered. One way to do this is to create a password based on a song title, affirmation, or other phrase. For example, the phrase, “I love fishing” could become a password such as “!L*vef1shing”.
(NOTE: do not use the example provided above as a password.)
Password Protection Standards
Do not use the same password for Cook County accounts as for other non-Cook County access (e.g., personal email account, option trading, benefits, etc.).
Do not share Cook County passwords with anyone, including administrative assistants.
All passwords are to be treated as sensitive, Confidential Cook County information.
Here is a list of "don’ts":
· Don't reveal a password over the phone to ANYONE
· Don't reveal a password in an email message
· Don't reveal a password to the boss
· Don't talk about a password in front of others
· Don't hint at the format of a password (e.g., "my family name")
· Don't reveal a password on questionnaires or security forms
· Don't share a password with family members
· Don't reveal a password to co-workers while on vacation
If someone demands a password, refer them to this document or have them call the MIS Helpdesk.
Do not use the "Remember Password" feature of applications or websites.
Do not write passwords down and store them anywhere in your office. Do not store passwords in a file on ANY computer system (including smart phones or similar devices) without encryption.
If an account or password is suspected to have been compromised, report the incident to MIS and change all passwords.