03-01-2002
rev: 1.0

Due to the fact that passwords are one of the weakest points of system security, HomeLink Computer Services requires the use of secure passwords.

HomeLink Computer Services will make the final determination on whether a password is secure or insecure. HomeLink Computer Services will rely mainly on industry-standard password creation principles in making such a determination.

A customer may request a password change at any time and, if the requested password is deemed secure by HomeLink Computer Services, the password will be changed in the timeliest manner possible.

If a situation arises in which changing a password is urgent and a secure password is not supplied by the customer to HomeLink Computer Services or the customer cannot be contacted within an appropriate amount of time, HomeLink Computer Services will issue a password of its own creation to the customer. The password may be changed by a valid request.

When new accounts are setup, HomeLink Computer Services will issue passwords of its own creation unless the customer requests that a different, secure password be used.

The following criteria will be used in determining if a password is secure:

Secure passwords are:

• At least eight characters long AND;
• Random, complex combinations of upper and lower case letter, number, and/or symbols and punctuation marks.

Insecure passwords are:

• The same as, related to, or based on the associated username OR;
• The same as, related to, or based on passwords or usernames used on other computer, networks, or systems OR;
• A simple pattern OR;
• A word (in any language, dialect, or jargon) or name (of any person, place, event, pet, etc.) OR;
• Based on, or a derivation of, a word or name OR;
• Based on or related to any previous password OR;
• Based on or derived from any information (name, address, phone number, birthday, Social Security number, email address, web address, hobbies, license plate number, location, birth place, etc.) related to the customer or to HomeLink Computer Services or its staff OR;
• Based on or derived from any information related to any individual, business, social group, or organization associated with the customer or HomeLink Computer Services or its staff (relatives, friends, clubs, work place, co-workers, employer, etc.).

HomeLink Computer Services encourages its customers to take the following precautions regarding their passwords:

• Memorize passwords and do not write them down or store them unencrypted.
• Passwords can be cracked much more easily if a username is known. Therefore, do not be careless with a username or other access information.
• Keep track of who has knowledge of a password and change the password if any person who has it should no longer have access to the account.
• Do not give a password to someone who is not fully trusted, especially if that person has an above average knowledge of computer systems.