...

This wiki page is SWAMIDs template Password Policy including password complexity and password guessing rate limiting. In this page there is an example in Swedish with an additional translation to English how to create an environment that establish a resonable security level to fulfil both SWAMID Identity Assurance Level 1 Profile and SWAMID Identity Assurance Level 2 Profile. For SWAMID Identity Assurance Level 3 Profile multi-factor login is used to establish a resonable security level and the password can be part one of the factors in a multi-factor login.

The Acceptable use Policy and the Password Policy could be merged into one Accept Use Policy.

Swedish template Password Policy

...

Som användare av [ORGANISATION] informationssystem ansvarar du själv för att

• att dina lösenord uppfyller den kvalitet och hantering som anges i denna policy genom att
  • att bestå av minst [ANTAL] tecken.
  • att bestå av minst en versal, minst en gemen och antingen minst ett specialtecken eller en siffra.
• att du håller dina lösenord hemliga genom att
  • att aldrig uppge dina lösenord till någon som efterfrågar dem via e-post, i telefon eller på annat sätt.
  • att aldrig använda samma lösenord i andra system.
• att du ändrar ditt lösenord om du fått kännedom om att säkerheten runt ditt lösenord har äventyrats.

...

As a user of the computer systems at [ORGANISATION], you are yourself responsible for the following:

• that your passwords fulfil the quality and usage described in this policy
  • to consist of at least [NUMBER] of characters.
  • to consist of at least one capital letter, at least one lowercase letter and either at least one special character or a number.
• that you keep your passwords secret through
  • to never give your passwords to anyone who requests them by email, phone or otherwise.
  • to never use the same password in other systems. 
• that you change your password if you know it has been compromised.

...