Document: Employee Password Policy

All employees must create passwords with at least 12 characters including uppercase letters, lowercase letters, numbers, and special characters.

Passwords must be changed every 90 days. Password reuse from the last 5 passwords is prohibited.

Multi-Factor Authentication (MFA) is required for:

• Email systems
• VPN access
• Internal admin dashboards

Employees must never share passwords through email, chat, or documents. Password managers approved by the company include 1Password and Bitwarden.