Password Policy

Passwords are an important aspect of computer security. A poorly chosen password may result in unauthorized access and/or exploitation of CodeBee.'s resources. All users, including contractors and vendors with access to CodeBee. systems, are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.

Purpose

The purpose of this policy is to establish a standard for creation of strong passwords and the protection of those passwords.

Scope

This policy covers appropriate use of any email sent from a CodeBee email address and applies to all employees, vendors, and agents operating on behalf of CodeBee.

Policy

Password Protection

• Passwords must not be shared with anyone. All passwords are to be treated as sensitive, Confidential CodeBee. information.
• Do not write passwords down and store them anywhere in your office.
• When passwords are stored in a file on a computer system or mobile devices (phone, tablet) it must have an AES 256 bits encryption or better.
• The "Remember Password" feature of applications (for example, web browsers) must be protected with a master password. The application must encrypt the stored passwords.
• Any user suspecting that his/her password may have been compromised must report the incident and change all passwords.

Password Creation

• All user-level and system-level passwords must conform to the Password Construction Guidelines.
• Users must not use the same password for CodeBee accounts as for other non-CodeBee access (for example, personal ISP account, option trading, benefits, and so on).
• Where possible, users must not use the same password for various CodeBee access needs.
• All passwords should meet or exceed the following guidelines:
  • Contain at least 12 alphanumeric characters.
  • Contain both upper and lower case letters.
  • Contain at least one number (for example, 0-9).
  • Contain at least one special character (for example,!$%^&*()_+|~-=`[]:";'<>?,/).
  • Cannot be found in a dictionary, including foreign language, or exist in a language slang, dialect, or jargon.
  • Must not contain personal information such as birthdates, addresses, phone numbers, or names of family members, pets, friends, and fantasy characters.
• Must not contain work-related information such as building names, system commands, sites, companies, hardware, or software.
• Must not contain number patterns such as aaabbb, qwerty, zyxwvuts, or 123321.
• Must not contain common words spelled backward, or preceded or followed by a number (for example, terces, secret1 or 1secret).
• May not be some version of “Welcome123” “Password123” “Changeme123”