What constitute a sufficiently complex password?
a. a minimum of 7 characters b. alphanumeric with at least one digit c. changed as a minimum every 90 days d. not re-used within 20 password changes In addition, procedures should be in place to ensure users are aware of the need to not use any part of their assigned account name, not share their password with anyone, and not to write down their password anywhere.