How Do I Set a Secure Password?
Comply with the following rules:
Use a password with high complexity.
The password must meet the following requirements:
Contains at least eight characters.
Contains at least three of the following character types:
Uppercase letters (A-Z)
Lowercase letters (a-z)
Digits (0-9)
Special characters
The password cannot be the username or the username in reverse order.
Do not use common weak passwords that are easy to crack, including:
Birthday, name, ID card, mobile number, email address, user ID, time, or date
Consecutive digits and letters, adjacent keyboard characters, or passwords in rainbow tables
Phrases
Common words, such as company names, admin, and root
Do not use empty or default passwords.
Do not reuse any of your latest five passwords.
Use different passwords for different websites and accounts.
Do not use the same username and password pair for multiple systems.
Change your password at least once every 90 days.
If an account has an initial password, force the user to change the password upon first login or within a limited period of time.
You are advised to set a locking policy for all accounts. If an account has more than five consecutive login failures, the account is locked and is automatically unlocked after 30 minutes.
You are advised to set a logout policy. Accounts that have been inactive for more than 10 minutes are automatically logged out or locked.
You are advised to force users to change the initial passwords of their accounts upon their first login.
You are advised to retain account login logs for at least 180 days. The logs must not contain user passwords.
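
The complexity, username, weak-password and reuse rules above can be enforced when a password is set. The following checker is an added example, not code from the original page or the product it describes. Assumptions: the deny-list entries, a run length of four for consecutive or adjacent characters, string.punctuation as the set of special characters, and PBKDF2 for the stored history are all choices made for this example.

```python
import hashlib
import hmac
import string

# Assumptions (not from the page): deny-list contents, run length of 4,
# string.punctuation as "special characters", PBKDF2 for the history hashes.
WEAK_PASSWORDS = {"admin", "root", "password", "12345678", "changeme"}
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted hash so the password history never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def has_sequence(password: str, run: int = 4) -> bool:
    """True if `run` consecutive or keyboard-adjacent characters appear."""
    lowered = password.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + run] in lowered for i in range(len(s) - run + 1)):
                return True
    return False

def check_password(password: str, username: str, history: list) -> list:
    """Return the rules violated (empty list = accepted).
    history holds (salt, hash) tuples, oldest first."""
    problems = []
    if len(password) < 8:
        problems.append("fewer than eight characters")
    classes = [
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < 3:
        problems.append("fewer than three character types")
    if password.lower() in (username.lower(), username[::-1].lower()):
        problems.append("username or reversed username")
    if password.lower() in WEAK_PASSWORDS or has_sequence(password):
        problems.append("common or sequential password")
    for salt, digest in history[-5:]:  # only the latest five count
        if hmac.compare_digest(hash_password(password, salt), digest):
            problems.append("reused one of the latest five passwords")
            break
    return problems
```

The function returns every violated rule rather than stopping at the first, so a change-password form can show the user all problems at once.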