The URL can be used to link to this page

Home My WebLink AboutF07.0 Password Security �'l3llRl�ll `Y 111CJ- 1' E A S CITY OF GRAPEVINE ADMINISTRATIVE POLICY SUBJECT- PASSWORD SECURITY SECTION. F NUMBER: 7.0 PREPARED BY- Information Technology REVISED DATE: 02/01/2014 PAGE: 1 of 2 PURPOSE 7.1 The purpose of the Password Security policy is to ensure the City's computer system is secure. 7.2 Passwords are an important aspect of computer security. They are the front line of protection for employee accounts. A poorly chosen password may result in the compromise of the City of Grapevine's entire network. As such, all City of Grapevine employees, including contractors and vendors with access to City of Grapevine systems, are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords. POLICY 7.3 A password is required to access or log-in to the network. Each employee account must have a password. 7.4 For security reasons, temporary passwords are issued to activate an account. During the initial log-in the employee sets their first personal password. 7.5 Accidental or intentional release of password information exposes the network to a potential security breach. 7.6 The basic security measures for passwords used in the City of Grapevine are as follows.. 7.6.1 The minimum password length is eight characters. Anything less will not allow the employee to log-in. 7.6.2 The log-in name and the password must be typed correctly during the login process. The employee is allowed three opportunities to type the information correctly. If the information is not typed correctly, the account will be De-activated. Contact the IT department for re-activation. 7.6.3 Passwords must be changed every 120 days. The system notifies the individual when the password requires changing. �'l3llRl�ll `Y 111CJ- 1' E A S CITY OF GRAPEVINE ADMINISTRATIVE POLICY SUBJECT- PASSWORD SECURITY SECTION. F NUMBER: 7.0 PREPARED BY- Information Technology REVISED DATE: 02/01/2014 PAGE: 2 of 2 7.6.4 Passwords must be unique. The password must be different from the previous passwords selected by the individual. The password and log-in name can not be the same. 7.7 An account is allowed six "grace log-ins" after the password has expired. After using the expired password six times the account is disabled if the password is not changed when prompted. 7.8 Passwords must not be shared, published, posted, or otherwise transmitted. It is the responsibility of each employee to protect their password. Failure to comply may result in disciplinary action. No Supervisor or Department Head shall request or require an employee to disclose their password. 7.9 Requests for password change by the IT staff will only be honored from the account holder. The Director of IT must authorize requests for password change by any other individual. 7.10 During a scheduled absence an employee is not to share his account security information with another employee. The employee that is scheduled to be absent must have their Supervisor contact IT to make arrangements for access to the absent person's resources by another employee.