While sharing is in season, USPS® employees must never share their user IDs and passwords, or permit others to use them to access Postal Service™ information resources, such as systems, applications, and electronic devices. Sharing user IDs and passwords is a violation of USPS corporate policy (see about.usps.com/handbooks/as805.pdf#page=130).
Sharing user IDs and passwords could compromise Postal Service networks or our reputation. Passwords are the first line of defense for protecting Postal Service information resources and must not be shared or stored in application codes, files, or tables. USPS employees must also never send passwords in clear text via email to provide access to a system, an encrypted document, or an archive.
Additionally, all users are responsible for the actions performed on Postal Service information resources under their user ID. Anyone given access to another user’s login information could intentionally or unintentionally compromise the user’s accounts or perform unauthorized actions in their name.
Further, USPS employees and contractors must never log in using the ID and passwords of those who have left the organization. Managers must ensure that personnel who have been transferred or terminated, or whose job responsibilities have changed, no longer have access to Postal Service information resources. Managers must advise system and database administrators of the final disposition of files and data.
Stay CyberSafe this holiday season by not sharing your login credentials. For more information about cybersecurity best practices, visit the CyberSafe at USPS® websites on Blue (blue.usps.gov/cyber) and LiteBlue (liteblue.usps.gov/cyber), or the external website at uspscybersafe.com.
— Corporate Information Security Office,
Chief Information Security Officer
and Digital Solutions, 12-20-18
