Password Policy Document
Purpose:
- Enhance the security of the organization's information systems by implementing a regular password rotation procedure.
Frequency of Rotation:
- Users must change their passwords at least every 90 days by default.
- Organizations may specify intervals such as every 30, 60, 90, 180, or 270 days.
Password History:
- Users cannot reuse their last five passwords.
- New passwords cannot be identical to the previous one.
Limit on Password Changes:
- Maximum of five attempts for password changes in a single day.
Notifications and Reminders:
- Users receive notifications via email, app, or pop-ups starting 7 days before password expiration.
- Notifications continue until the day of expiry.
- Failure to change password within specified timeframe may result in account lockout.
Notification Prompt:
- Users receive a notification alerting them to their password's expiration.
- Upon clicking the notification, users are directed to the app.
- A pop-up message cautions users about potential loss of unsynchronized tasks and offers the option to proceed with password change or cancel.
Password Change Process:
- If users proceed with password change, they are automatically logged out.
- Upon attempting to log back in, users are prompted to change their password as a security measure.