Password policy

Please note that as this policy is periodically reviewed and updated, if you print it from the website, its accuracy cannot be guaranteed for more than a 24 hour period following printing.

Password Selection and Changing

The Hampshire Fire and Rescue Services password quality policy, which shall be automatically enforced within systems where possible, is as follows.

Passwords shall be kept confidential
Passwords shall not be shared
Passwords shall not be stored on paper, software file or hand held device
If you think a password has been compromised change it immediately
Passwords shall be changed at least every three months except where otherwise agreed with the IS Department.
Power-on passwords and local screen lock passwords shall not be restricted in this way
When changing your password, staff shall not use one that you have used recently for that account
Passwords shall have a minimum of 6 characters, and shall contain at least one non-alphabetic character
Passwords shall not be the same as your user id or name, and shall not be easily guessed by someone who knows you well
Passwords used for business purposes shall not be the same as used for non-business purposes
Temporary passwords shall be changed at first login
Passwords shall not be included in any automated logon process

In addition, easily-guessed passwords, particularly those in the categories listed below, shall not be used:

Car makes and models
Car/telephone/room numbers
Common forenames
Surnames
Colours
Simple keyboard sequences (e.g. QWERTY)
Seasons, days of month, days of week
Words associated with computers generally, with software/hardware
Common vulgarities
Sports
Commonly used general words
Obvious words associated with system, User-id or local government
Common Beverages
The word – password

Here is a list of "do not's":

Do not reveal a password over the phone to ANYONE
Do not reveal a password in an email message
Do not reveal a password to the boss
Do not talk about a password in front of others
Do not hint at the format of a password (e.g., "my family name")
Do not reveal a password on questionnaires or security forms
Do not share a password with family members
Do not reveal a password to co-workers while on vacation
Do not use the "Remember Password" feature of software applications

If someone demands a password, refer them to the Service’s password policy or ask them to contact the IS Service Desk.

General Password Construction Guidelines

Poor, weak passwords have the following characteristics:

The password contains less than eight characters
The password is a word found in a dictionary (English or Foreign)
The password is a common usage word such as:
Names of family, pets, friends, co-workers, fantasy characters, etc.
Computer terms and names, commands, sites, companies, hardware, software.
The words "HFRS", or any derivation.
Birthdays and other personal information such as addresses and phone numbers.
Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.
Any of the above spelled backwards.
Any of the above preceded or followed by a digit (e.g., secret1, 1secret)

Strong passwords have the following characteristics:

Contain both upper and lower case characters (e.g., a-z, A-Z)
Have digits and punctuation characters as well as letters e.g., 0-9, !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
Are at least eight alphanumeric characters long, (strongest 14+)
The use of passwords based on a mnemonic such as an easily remembered phrase by taking the first letter of each word in a phrase, then add a few special characters or numbers to it. For example, "lend me your ears" can become "lmye4%".
Is not a word in any language, slang, dialect, jargon, etc?
Are not based on personal information, names of family, etc.
Passwords should never be written down or stored on-line. Try to create passwords that can be easily remembered.
(Minimum password of all administrator logins for hardware are 8+ and include all the best practices of strong passwords.)

If you want to check your password strength then visit the Microsoft Password checker web page