Password and Security

This page provides access to system instructions regarding how to securely protect files.

The following guidelines apply to NYSERDA and personal accounts:

  • Passwords for all applications and websites should be changed bi-annually, be complex, contain a mix of numbers, symbols, capital and lowercase letters, and be at least 12 characters in length. In addition, passwords should not contain dictionary words or personal information.

  • Avoid storing your passwords insecurely such as the notes app on your phone. Instead, store passwords in a locked cabinet or password manager application.

  • Be aware of “shoulder surfing" in the office and in public; ensure nobody is peering over your shoulder when you are entering your password or other login credentials.

  • Turn on multi-factor authentication when available.

Information may be intercepted in motion when sending an email to an external stakeholder. Therefore, attachments must be converted to an Adobe, MS Word, or Excel (.xlsx) password protected file for information classified as having Moderate or High confidentiality before sending an encrypted email to an external stakeholder or emailing a State entity within the ITS domain.

For encrypted email, the content of the email is the only information that is encrypted. The password protected file ensures the information stays secure. Reference instructions on sending an encrypted email. The receiver of the email must have a Microsoft Account or be given a one-time password to access the information.

To password protect an Adobe Acrobat Pro PDF file:

  1. Save the file as a PDF.
  2. Open the PDF.
  3. Click on Tools (right side).
  4. Click on Protection.
  5. Select Encrypt. 
  6. Select Encrypt with Password. 
  7. Click Yes to change security of the document.
  8. Click Require Password to Open Document. 
  9. Enter a secure password per the guidelines (last bullet).

To password protect an Excel file (.xlsx only):

  1. Select Review.
  2. Select Protect Sheet.
  3. Enter a secure password per the guidelines below. Excel password protected files must be saved as .xlsx only to meet New York State encryption requirements.
  4. Please be sure to select .xlsx when saving the file. Files in the .xls format must be recreated and saved as a new .xlsx file. The .xls format does not meet NYS security requirements and may be hacked.
  5. Enter a secure password per the guidelines (last bullet).

To password protect a MS Word files: 

  1. Select File. 
  2. Select Info. 
  3. Select Protect Document.
  4. Then select the Encrypt with Password Option”
  5. Enter a secure password per the guidelines (last bullet).

Secure Password Guidelines:

  • The password should be provided over the phone or in a separate email. With so many email accounts compromised at other entities, it is recommended to transmit the password over the phone if possible.
  • The password must be changed every 90 days and contain 8 characters of upper/lower case, number, and special characters.

  • No labels