1. Purpose and Scope
The purpose of this Password Policy is to establish guidelines for creating, using, and managing passwords to protect the security and integrity of Speak Ai Inc.'s ("Speak Ai") information systems and data. This policy applies to all employees, contractors, third parties, and users of the Speak Ai product ("Speak").
2. Policy Statement
Speak Ai is committed to maintaining the highest security standards by enforcing strong password practices. This policy outlines password creation, management, and protection requirements to prevent unauthorized access to Speak Ai's systems and data.
3. Password Creation
Complexity Requirements: Passwords must meet the following complexity requirements:
Minimum length of 8 characters
Prohibited Elements: Passwords must not contain easily guessable information such as common words, phrases, or personal information (e.g., names, birthdays).
4. Password Management
Account Lockout: Accounts will be locked out after 3 failed login attempts within a minute. The account can be unlocked after a 1 minute period.
5. Password Protection
Confidentiality: Passwords must be kept confidential and not shared with anyone. Users are responsible for the security of their passwords.
Storage: Passwords must not be written down or stored in plain text. Passwords should be stored in secure password management tools approved by Speak Ai.
Phishing Awareness: Users must be aware of phishing attacks and avoid clicking on suspicious links or providing passwords in response to unsolicited requests.
6. Multi-Factor Authentication (MFA)
Requirement: Multi-factor authentication (MFA) is required to access critical systems and sensitive data. Speak Ai supports MFA through Google Workspace and is in the process of adding Microsoft Single Sign-On.
7. Administrative Access
Privileged Accounts: Users with privileged accounts must use separate, unique passwords for administrative tasks. Privileged account passwords must adhere to stricter complexity and expiration requirements.
Monitoring: Usage of privileged accounts will be monitored for any unusual or unauthorized activities.
8. Password Changes and Recovery
Password Changes: Users must change their passwords immediately if they suspect that their password has been compromised.
Password Recovery: Password recovery mechanisms must include secure verification processes to authenticate the identity of the user requesting the password reset.
9. Employee Training
Security Awareness: All employees and contractors must undergo regular security awareness training, including best password management and protection practices.
Ongoing Education: Continuous education programs will be conducted to keep users informed about the latest security threats and password protection techniques.
10. Compliance and Enforcement
Policy Compliance: All users must comply with this policy. Non-compliance may result in disciplinary actions, including termination of access to Speak Ai's systems.
Audits: Regular audits will be conducted to ensure compliance with this password policy. Any identified weaknesses will be addressed promptly.
11. Policy Review
This policy will be reviewed annually or as needed to ensure its effectiveness and alignment with industry best practices and emerging security threats. Changes to the policy will be communicated to all users.
12. Contact Information
For any inquiries or issues related to this Password Policy, please contact the IT Security Team at [email protected].