Password policy

This Password Policy establishes the guidelines and minimum requirements for the creation, management, use and protection of passwords in the information systems that FREMAP makes available to users external to the entity. It is mandatory for all such users.

In order to ensure an adequate level of security, all passwords used to access FREMAP applications must meet, at a minimum, the following criteria:

  • Have a minimum length of eight (8) characters.
  • Include at least one capital letter (A–Z).
  • Include at least one lowercase letter (a–z).
  • Include at least one numeric digit (0–9).
  • Not contain the user's account name or parts of the user's full name that exceed two consecutive characters.
  • Be significantly different from the 3 previous passwords used.

Passwords are strictly personal and non-transferable. The following are forbidden:

  • Sharing passwords with third parties under any circumstances.
  • Writing down passwords on paper, in unencrypted files, or using other insecure means.
  • Storing passwords in browsers, applications, or tools that do not meet security standards.

Passwords must be changed at least every 365 days or when there is suspicion or evidence of compromise, unauthorized access or a security breach.

The system will automatically block the account for 10 minutes after 3 consecutive failed attempts. The applications provide users with the means to reset their password online.

Failure to comply with this policy may result in:

  • Revocation of access.
  • Legal action if the breach causes damages or liabilities for FREMAP.

This policy will be reviewed periodically to ensure its compliance with current legal, regulatory and technological requirements.

This Password Policy is established in accordance with the provisions of Royal Decree 311/2022, of May 3, which regulates the National Security Scheme (ENS), and, in particular, with the basic principles and protection measures relating to access control, authentication and credential protection, applicable to information systems that provide services or process information in public sector entities or collaborators of this sector.