GENERAL ORDERS LINCOLN POLICE DEPARTMENT
SUBJECT: INFORMATION TECHNOLOGY SECURITY
TITLE: PASSWORD POLICY
EFFECTIVE DATE: JUNE 1, 2025
REVISION DATE:
ACCREDITATION: ALABAMA ASSOCIATION OF CHIEFS OF POLICE (AACOP)
APPROVAL: CHIEF DARREN E. BRITTON
Embedded Files
PASSWORD POLICY
1106.1 PURPOSE AND SCOPE
The purpose of this policy is to establish a standard for the creation of strong passwords and the protection of those passwords. This policy includes all personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides at any Lincoln Police Department facility, has access to the Lincoln Police Department network, or stores any non-public Lincoln Police Department information.
1106.2 POLICY
This policy provides a guideline to the best practices for creating secure passwords that will be used within the Lincoln Police Departments' systems, hardware, and network.
Passwords are a critical component of information security. Passwords serve to protect user accounts; however, a poorly constructed password may result in the compromise of individual systems, data, or networks.
1106.3 GUIDELINES
Strong passwords are long. The more characters you have, the stronger the password. We recommend a minimum of 14 characters in your password. In addition, we highly encourage the use of passphrases (Passwords made up of multiple words.) Examples include "It's time for vacation" or "block-curious-sunny-leaves."Passphrases are both easy to remember and type yet meet the strength requirements.
(a) Poor or weak passwords have the following characteristics:
Contain eight characters or less.
Contain personal information such as birthdates, addresses, phone numbers, or names of family members, pets, friends, and fantasy characters.
Contain letter or number patterns such as, aaabbb or 123321, zyxwvuts, qwerty, or 123321
Are some version of "Welcome123" "Password123" "Changeme123"
In addition, every work account should have a different, unique password. To enable users to maintain multiple passwords, we highly encourage the use of 'password manager' software that is authorized and provided by the organization. Whenever possible, also enable the use of multi-factor authentication.
1106.4 POLICY COMPLIANCE
The Information Technology Unit will verify compliance to this policy through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.
1106.4.1 EXCEPTIONS
Any exception to the policy must be approved by the Information Technology Unit, and the Chief of Police, and prior authorizations that have been obtained.
1106.4.2 NON-COMPLIANCE
An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
These policies and operating procedures are not designed to cover every possible scenario or situation in society, but rather to define standard operating procedures for members of the Lincoln Police Department. These guidelines are subject to past, present and future judicial review. These guidelines can be amended and or repealed by the Chief of Police as necessary. The policies and procedures herein provided supersede all previous policies and orders.
Page updated
Google Sites
Report abuse