Passwords must be strong. You must ensure that your password can not be guessed easily. Some systems will automatically ensure that certain minimum requirements are met, on others you must choose something sensible yourself.
A password must contain at least twelve characters. Longer passwords may be required for privileged access, for access to sensitive information or to mission-critical systems.
A password must contain combinations of at least three of the following categories: uppercase letters, lowercase letters, numbers and special characters.
Do not use user names or dates as part of a password.
A password must be changed regularly.
A password is strictly personal. Never give out your password to anyone. Not to your colleagues, not to your friends, not to your family.
If someone sends you an email asking for your password, delete the email.
If someone sends you a password via email, login and change the password immediately.