The First Line of Defence in Electronic Security


The effective management of passwords is the first line of defence in the electronic security of any organisation. 

Benefits of a Password Procedure

  • Appropriate access for all staff;
  • Effective identity management and access auditing;
  • Preservation and protection of personal information entrusted to your care;
  • Protection of YOUR personal information.

Best Practices/Recommendations
When creating a password procedure, it is important to consider elements that can be enforced through software security settings. Items such as the minimum length of a password and expiry cycle for passwords are typically set through system software. 

Another important consideration when developing a password procedure is password retention. Even with the best procedures in place, passwords will be shared or otherwise become known over time, weakening security, so it is necessary to change them on a regular basis. Most systems allow the system administrator to set a parameter which causes passwords to expire and requires them to be reset by the user. This parameter is typically set for anywhere from 30 days to 90 days. Password expiry does add some additional workload for technical staff as users often forget their new passwords and need support to change them. This is where Trident Health can assist and provide easy to use solutions like Managed Password Protection. 

Best Practice When Creating a Password

  • Length of password - Passwords should be a minimum of six characters.
  • Mixed characters - Passwords should contain at least one of the following: upper- and lower-case letters, numbers, and special characters (@#$!% etc);
  • Password retention - Passwords should be reset on a regular basis and should expire after a set length of time. This can vary from 30 days to 60 days to 90 days;
  • Histories - Password histories should be maintained and set so that users cannot use the same password twice within a defined period. 


User Education
For the users’ protection, passwords created should be difficult to guess. The following points provide some guidance
on best practices for creating a password:

  • The password should not be the same as the username, even with a number or symbol added;
  • Passwords should not contain personal information such as street number or name, company name, date of birth, etc;
  • Passwords should never contain names of family members, pets, friends, or co-workers;
  • Passwords shouldn’t be a common phrase followed by a digit that is changed when the password expires.

Users should always follow these principles:

  • Do not share passwords with anyone. If there is an issue that requires you to do so, remember to change the password immediately after the issue has been resolved;
  • Never use the same password for work accounts as the one you have for personal use (banking, etc.);
  • Do not write down passwords or include them in an email;
  • Do not store passwords electronically unless they are encrypted;
  • Never use the “Remember Password” feature on any systems; this option should be disabled in systems where technically feasible.


There are many things to consider when developing a password procedure. Strict password procedures ensure greater security but require more user support and may result in a low compliance rate. Very relaxed password policies will likely result in higher compliance by users but may not provide adequate protection.

The key to an effective password procedure is to define a balance between the security needs of your organisation and its culture and to follow the guidelines defined.

For further details on how to secure your organisations IT security give Trident a call today. We will provide personalised and proven security measures to give you peace of mind.


  Domenic Lucarelli 
Senior Account Manager
Trident Health

< Go Back