1. Password must be a minimum of 16 characters in length
2. Must contain at least one:
- upper case
- lower case
- digit/number
- and one metacharacter (such as !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
3. Password must not contain the account name (log-in name), given name or surname.
4. Staff should consider combining 2 or 3 words together with numbers and use a pass phrase. Examples – We@ryourmask_230, E@t_healthy_2day
5. TVDSB password should be unique to the board. Previous passwords cannot be reused
6. Staff can change their password when needed (e.g., if they suspect their account has been compromised)
7. No password age/expiration
8. The lockout threshold is 20 failed attempts, and the lockout duration is 10 minutes for all staff
9. All staff will be required to use multi-factor authentication (MFA) when accessing the board network offsite. Under normal circumstances, MFA is triggered every 14 days. However, if Microsoft intelligent machine learning analysis detects any sign-in risks, such as a change in location that suggests suspicious activity, it will prompt for MFA to verify the user’s identity