Password Policy
Last review date: November 2022
This document proposes a common standard for passwords used by registered users of the Join Dementia Research service.
Secure passwords enable us to protect our users’ data and maintain the confidence of external organisations in our data safeguarding processes.
This policy sets out our password standards and how to change your password.
Password standard
Volunteer passwords must:
- have a minimum of eight characters
- contain at least one uppercase letter (A-Z),
- contain at least one lowercase letter (a-z),
- contain at least one numeric character (0-9)
- Contain at least one special character (_.,:;~+*=<>%!#$&?@^`’/”(){|})
Researcher and staff passwords must:
- must have a minimum of ten characters
- should contain at least one uppercase letter (A-Z),
- should contain at least one lowercase letter (a-z),
- should contain at least one numeric character (0-9)
- Contain at least one special character (_.,:;~+*=<>%!#$&?@^`’/”(){|})
The Join Dementia Research system won’t allow passwords that are too commonly used. We also recommend that all users choose a password that adheres to the following guidance:
- Long passphrases (random collections of words stuck together) are regarded as the best practice and hardest to crack, whilst still remaining memorable to users.
- All reasonable precautions should be taken to keep passwords secret and to ensure they cannot be easily guessed or derived by others.
The following password characteristics should be avoided:
- anything obviously related to the password owner (names of relatives, friends or pets, birthdates, user-ID)
Changing your passwords
You can change your password at any time, either by using the Forgotten Password link on the Join Dementia Research website, or by logging into your account and selecting “My Account” at the top of the page.
You can also contact us if you would like help with changing your password.
We particularly urge users to change their password any time they suspect it may have been compromised.