Password Policy and Best Practices
Purpose
Strong passwords are a critical first line of defence against unauthorised access to Global Bank systems and data. This policy establishes the minimum requirements for password creation, usage, and management across all corporate platforms. All employees, contractors, and third-party users with access to bank systems must comply with this policy.
Policy Reference: IT-SEC-001
Effective Date: 1 January 2025
Review Date: 1 January 2026
Applies To: All users with access to Global Bank systems
Password Requirements
| Requirement | Standard Accounts | Privileged Accounts |
|---|---|---|
| Minimum length | 14 characters | 20 characters |
| Complexity | Must include at least 3 of 4: uppercase, lowercase, numbers, special characters | Must include all 4 character types |
| Maximum age | 90 days | 60 days |
| Password history | Last 24 passwords cannot be reused | Last 36 passwords cannot be reused |
| Account lockout | 5 failed attempts (30-minute lockout) | 3 failed attempts (manual unlock required) |
| MFA required | Yes | Yes (FIDO2 key mandatory) |
Password Creation Best Practices
Use a Passphrase
We strongly recommend using a passphrase rather than a traditional password. A passphrase is a sequence of random words that is easy to remember but difficult to guess. For example:
- Strong passphrase: Marble-Telescope-River-94!
- Weak password: Summer2025! (predictable pattern)
What to Avoid
- Dictionary words on their own, even with character substitutions (e.g., P@ssw0rd).
- Personal information such as names, birthdays, or employee IDs.
- Sequential or repeated characters (e.g., aaaaaa, 123456).
- The same password used on any personal or external account.
- Passwords based on the bank's name, department names, or system names.
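The following Python script is an added example and not part of the Global Bank policy or its tooling. It generates passphrases in the Word-Word-Word-NN! shape recommended above and checks candidate passwords against the length and character-class figures in the requirements table, the repeated/sequential rule, and the "dictionary word with substitutions" rule from this list. The word list, the blocked-word set, and the substitution map are constructed for the example; a real deployment would load a large curated word list and the bank's own deny list of company, department and system names.

```python
import math
import secrets

# Constructed sample word list for this example only. A real deployment would
# load a large curated list (e.g. a 7776-word diceware list); the entropy
# figures below show why the size of the list matters.
WORDLIST = [
    "marble", "telescope", "river", "anchor", "comet", "harbour", "lantern",
    "meadow", "orbit", "pebble", "quartz", "saffron", "timber", "velvet",
    "willow", "zephyr",
]
SPECIALS = "!#$%&*+-=?@^_~"

# Constructed deny list of base words forbidden even with substitutions.
BLOCKED_WORDS = {"password", "summer", "winter", "welcome", "admin", "globalbank"}

# Undo common "leet" substitutions so that P@ssw0rd normalises to password.
_LEET = str.maketrans("@$01345!", "asoieasi")


def normalise(pw: str) -> str:
    """Lower-case pw and reverse common character substitutions."""
    return pw.lower().translate(_LEET)


def char_classes(pw: str) -> int:
    """Count how many of the four policy character classes appear in pw."""
    return sum([
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])


def has_run(pw: str, length: int = 4) -> bool:
    """True if pw contains `length` repeated or sequential characters (aaaa, 1234, dcba)."""
    codes = [ord(c) for c in pw]
    for i in range(len(codes) - length + 1):
        diffs = {codes[j + 1] - codes[j] for j in range(i, i + length - 1)}
        if len(diffs) == 1 and diffs.pop() in (-1, 0, 1):
            return True
    return False


def check_policy(pw: str, privileged: bool = False) -> list[str]:
    """Return the policy violations for pw; an empty list means compliant."""
    min_len, min_classes = (20, 4) if privileged else (14, 3)
    violations = []
    if len(pw) < min_len:
        violations.append(f"shorter than {min_len} characters")
    if char_classes(pw) < min_classes:
        violations.append(f"fewer than {min_classes} character classes")
    if has_run(pw):
        violations.append("contains repeated or sequential characters")
    norm = normalise(pw)
    for word in sorted(BLOCKED_WORDS):
        if word in norm:
            violations.append(f"based on blocked word '{word}'")
    return violations


def generate_passphrase(words: int = 3, wordlist=WORDLIST) -> str:
    """Random words joined by '-', then two digits and a special character.

    Words are drawn with replacement using the secrets module (CSPRNG), so the
    entropy is exactly words * log2(len(wordlist)) plus the digit/special bits.
    """
    chosen = [secrets.choice(wordlist).capitalize() for _ in range(words)]
    digits = f"{secrets.randbelow(100):02d}"
    return "-".join(chosen) + "-" + digits + secrets.choice(SPECIALS)


def passphrase_entropy_bits(words: int, wordlist_size: int) -> float:
    """Entropy in bits of a generate_passphrase() output for a given list size."""
    return words * math.log2(wordlist_size) + 2 * math.log2(10) + math.log2(len(SPECIALS))


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "Summer2025!", "Marble-Telescope-River-94!"):
        print(candidate, "->", check_policy(candidate) or "OK")
    pw = generate_passphrase()
    print(pw, "->", check_policy(pw) or "OK")
    print(f"{passphrase_entropy_bits(3, len(WORDLIST)):.1f} bits with this toy list, "
          f"{passphrase_entropy_bits(3, 7776):.1f} bits with a 7776-word list")
```

The check is a pre-acceptance filter, not a substitute for MFA or breached-password screening: it rejects the two weak examples from this section for being short and for normalising to blocked words, accepts the recommended passphrase for both account tiers, and shows that three words from a sixteen-word list give far less entropy than the same shape drawn from a full diceware list.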
Password Management
Approved Password Manager
Global Bank provides CyberArk Workforce Password Manager to all employees. This tool securely stores and auto-fills passwords for corporate applications. You are strongly encouraged to use it for all work-related credentials.
- The password manager is available as a browser extension and desktop application.
- It is pre-installed on all corporate devices and can be activated through the Software Centre.
- Your password vault is protected by your corporate credentials and MFA.
Do Not
- Write passwords on paper, sticky notes, or whiteboards.
- Store passwords in unencrypted files, spreadsheets, or emails.
- Share passwords with colleagues, managers, or IT staff. No Global Bank employee will ever ask for your password.
- Use personal password managers (e.g., LastPass, 1Password personal accounts) for corporate credentials.
Password Reset Procedure
- Navigate to passwordreset.globalbank.com.
- Enter your username and verify your identity through MFA.
- Create a new password that meets the complexity requirements.
- If you are unable to reset your password through the self-service portal, contact the IT Service Desk. You will be required to verify your identity through security questions and a callback to your registered phone number.
Service and System Accounts
Service accounts and system accounts are managed by IT Operations and must comply with the following additional requirements:
- Minimum password length of 30 characters, randomly generated.
- Passwords stored and rotated through CyberArk Privileged Access Management (PAM).
- Rotation every 30 days (automated).
- No interactive logon permitted; service accounts must be restricted to specific services and servers.
Breach Notification
If you suspect that your password has been compromised, you must:
- Change your password immediately through the self-service portal.
- Report the incident to IT Security at itsecurity@globalbank.com or Ext. 2200.
- Monitor your account for unusual activity and report any anomalies.
Contact
- IT Security Team: itsecurity@globalbank.com | Ext. 2200
- IT Service Desk: servicedesk@globalbank.com | Ext. 2000