Last review date: 15 Aug 2018

1. Summary

We take the security of our volunteers’ information extremely seriously. Online login passwords are the key method of protecting user data. This document proposes a common standard for passwords used by registered users of the Join Dementia Research service.

By using the combination of a username* and password, we are able to demonstrate that a person is who they claim to be. We can protect system user information, and maintain the confidence of external organisations in our data safeguarding processes.

This policy sets out the best practice with regard to passwords, in particular how complex they should be, how to change them and how to keep them safe.

2. Password Standard

Passwords:

  • must have a minimum of eight characters
  • should contain at least one uppercase letter (A-Z)
  • should contain at least one lowercase letter (a-z)
  • should contain one numeric character (0-9)
  • Long passphrases (random collections of words stuck together) are regarded as the best practice and hardest to crack, whilst still remaining memorable to users.
  • All reasonable precautions should be taken to keep passwords secret and to ensure they cannot be easily guessed or derived by others.

The following password characteristics should be avoided:

  • anything obviously related to the password owner (names of relatives, friends or pets, birthdates, user-ID)
  • use of words found in a dictionary, in slang, jargon or dialect or any existing passwords currently in use for personal online accounts.

3. Creating and Changing Passwords

3.1 When a new password is set up for a new user, it should normally be generated and communicated to the user in such a way that no-one else becomes aware of it.

3.2 If a User forgets their password, it must be reset by either:

  • visiting the Join Dementia Research website and clicking on ‘Forgotten password/username’ at the top of the homepage.
  • calling the charity Helplines to request a new password. Contact details can be found at the bottom of this policy.

4. Disclosing Passwords

4.1 Passwords should not be disclosed to anyone for any purpose other than fault reporting. On such occasions you will be required to disclose your password to a member of the System Administrator Team. At no other time will you be asked by a member of Join Dementia Research for your password.

4.2 Attempts to discover someone else’s password are not permitted.

5. Shared Passwords

It is expected that passwords may be shared at times between a volunteer and a representative. This must be kept to a minimum. Where a user believes their password to be compromised or no longer secure, it must be reset by following the instructions detailed in 3.2 above.

6. Safeguarding Passwords

All reasonable measures must be taken to safeguard passwords against accidental disclosure. Taking the following steps will help reduce this risk:

  • don’t reveal your password to anyone you don’t want to know it.
  • if you suspect a password has been compromised you can change it by either:
      a. logging in to Join Dementia Research, then clicking on ‘My Account’ at the top of the page. You will then have the option to change your password and security questions;
      b. contacting one of the charity Helplines.

7. Contact Details

7.1 Logging onto the service – go to www.joindementiaresearch.nihr.ac.uk

7.2 Contact the team –

7.3 Contact one of the charity helplines –

  • Alzheimer Scotland: 0808 808 3000. 24 hours per day, 7 days per week (Scotland)
  • Alzheimer’s Research UK: 0300 111 5 111. 9am – 5pm, Mon – Fri (UK wide)
  • Alzheimer’s Society: 0300 222 11 22. 9am – 8pm, Mon – Wed; 9am – 5pm, Thurs & Fri; 10am – 4pm, Sat & Sun (England, Wales & Northern Ireland)

Calls to Alzheimer Scotland are free. Calls to Alzheimer’s Research UK and Alzheimer’s Society cost no more than a national call from any type of phone or provider and calls are included in any free call packages on landlines and mobiles.

*For researchers and network staff using the registers, this username will be their work email address. For volunteers this can be a name or email address.