PS-08-006 Password Authentication

Issue Date: 3/20/2008

Effective Date: 3/20/2008

Review Date: 12/1/2023

PURPOSE

Passwords are an important aspect of computer security. They are often the only means for authenticating users and the front line of protection for user accounts.  Failure to use a password or using a poorly chosen password when accessing state of Georgia information assets may result in the compromise of those assets.  It is the responsibility of every agency to implement authentication mechanisms such as passwords to access sensitive data and the responsibility of the user to appropriately select and protect their passwords.

SCOPE and AUTHORITY

O.C.G.A 50-25-4(a)(10) – State Government, Georgia Technology, General Powers

O.C.G.A 50-25-4(a)(21) - State Government, Georgia Technology, General Powers

PM-04-001 – Information Technology Policies, Standards and Guidelines

PS-08-005 – Enterprise Information Security Charter

TERMS and DEFINITIONS

Authentication - the process of attempting to verify the digital identity of system users or processes.

POLICY

Passwords shall be the minimum acceptable mechanism for authenticating users and controlling access to state information systems and applications unless specifically designated as a public access resource.

All users (employees, contractors, and vendors) with access to state information systems shall take the appropriate steps to select and secure their passwords.

RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES

Password Security (SS-08-007)

Strong Password Use (SS-08-008)