Passwords

Your passwords must protect Royal Mail Group's information

Information thieves are particularly keen to get their hands on a company’s usernames and passwords, and they use many sophisticated methods to acquire them. They might try to get you to reveal your password by sending you a "Phishing" email, or they might simply call you and ask for it. For example, by pretending to be a member of our own IT Service Desk team.

Imagine what competitors or criminals could do it they had unrestricted access to the Royal Mail Group IT system. That's why it's part of your employee responsibility to create strong passwords and keep them secure at all times.

Create strong passwords and keep them secure

A strong password is one that is easy to remember but impossible to guess. Here are Royal Mail Group's top tips for creating a strong password:

• Strong passwords are at least eight characters long
• Passwords should contain a mix of upper case and lower case letters, numbers and special characters (e.g. &%£!@)
• Never use dictionary words of acronyms in any language
• Never simply choose a word and add a number after it (e.g. password1), or use logical number replacements for letters within a word (e.g. pa55wOrd)
• Never use keyboard patterns (e.g. qwertyuiop or poiuytrewq) or sequential numbers (e.g. 12345678 or 87654321)
• Never use your username as a password
• Never use words that can be guessed easily by undertaking research about your life (e.g. family member names, pet names or your favourite sports team). All of this information may be readily available on social media (e.g. Facebook)
• Mobile device PINs must be at least four characters long, and must never use sequential numbers (e.g. 0000, 9999, etc.) or number sequences (e.g.1234, 9876, etc.)
• A good technique is to use a passphrase, which is a sentence that you turn into a password. For example, the password 1eF@c4L£f comes from a phrase "I eat fish and chips for lunch every Friday

How to create a passphrase

• Think of a phrase, song lyric or memorable sentence – “I eat fish and chips for lunch every Friday”
• Take the initial letters – YAMTSSFA
• Substitute some of the letters for logical numbers – YAMT5SFA
• Add logical special characters – Y@MT5$FA
• Vary the letter case – y@Mt5$Fa

Keep your password secure

In addition to creating a strong password, it's every employee's responsibility to keep their password protected at all times. Your passwords are classified Strictly Confidential, which means they must be handled extremely carefully:

• Never share your password with anyone, even if it your manager asking for it
• Never use the same password for different systems or devices
• Never write your password down?
• If you have been set up as a new user on the system, change the default password immediately
• Change your password every 90 days
• Never allow websites to remember your password
• Passwords can only be stored in an encrypted file
• Report compromised or potentially compromised passwords to the IT Service Desk immediately and change them immediately