Usernames, passwords and encryption: Usernames and passwords may only be delivered by 2 different ways. Usernames may only be delivered separately by email. Passwords may only be delivered separately by a different route of mail. Strong passwords Password must be at least 6 characters, may include punctuation mark, letters and numbers. The password must be hard to crack by a dictionary attack, so if it has a word or a proper name, it must have at least two unrelated words or proper names. The ISM keeps all passwords in a master password file encrypted with a master password that is shared by the Owner. The password list includes the administrator password for all servers. Strong encryption Strong Encryption means using Winzip's AES-256 encryption (or Truecrypt's AES-256 encryption), and using our Password Policy.