3 of 3
Requirements on use and management of passwords
After you sign the individual acknowledgment and undertaking
(Part D), the department will issue you with a user guide, a unique
logon ID and a temporary password enabling you to access
Centrelink Business Online Services by going to
It is important that when you receive your temporary password,
you change it to one that is easy to remember but difficult for
anyone else to guess. The department treats any person who
enters a user password as if they are that particular user.
All access to Centrelink Business Online Services is logged and
monitored, and you are accountable for all access logged against
your User ID.
In order to make it more difficult for somebody else to guess your
password, the department has the following rules for passwords
that can be used:
• the password must contain a minimum of 5 characters and a
maximum of 8 characters
• passwords must include at least one letter (a-z, A-Z) and one
• a minimum of 24 hours must elapse between the time you
change your password and any subsequent change
• passwords are case sensitive.
Passwords must not contain information which may be known
by other people for example, choosing a password, which
• significant dates (e.g. family birthdays, anniversaries, etc.)
• family names (e.g. children, partner, parents, pets, etc.)
• favourite things (e.g. colours, football teams, songs, etc.)
• passwords should not Include a word that appears in a
dictionary. Some hackers use a computer with a dictionary
program to guess passwords
• passwords that are used for other internet sites should not be
used as not all internet sites are secure, even if they require
a password. Hackers can sometimes find passwords on
unsecure sites and then use them to get into more secure
• passwords should not contain the first letters of the words
from a song, poem or saying they find easy to remember.
Once you have chosen a secure password, you must make sure
that nobody else discovers what the password is.
• Passwords should not be written down where they might be
accessible by others.
• Passwords should not be given to any other person or user.
• Do not use their password when people can see what is being
• Passwords expire after 90 days and must be changed for
continued access to Centrelink Business Online Services.
• Passwords cannot be the same as your last 8 passwords.
Part D — Individual acknowledgment and undertaking
You have been nominated to be given access to Centrelink Business
Online Services. You must complete and sign the following individual
acknowledgement and undertaking before being given access.
Each new staff member registered as a new user, requires a separate
Part D (page 3).
• will only access Centrelink Business Online Services as required
for the performance of my duties as an employee of the Business.
• will only make any enquiries or provide information using Centrelink
Business Online Services with the consent of the customer.
• will not allow access to information provided through this service
to any unauthorised person.
• understand that, social security law and family assistance law
provide that if a person intentionally makes a record of, discloses
or otherwise makes use of protected information without
authorisation, that person is guilty of an offence. The penalty
imposed on conviction is imprisonment for up to 2 years.
• have read, understand and will comply with the requirements on
use and management of passwords (on page 3) including:
– not sharing my password with any other person
– not allowing any person to access Centrelink Business Online
Services using my login details
– will log off as soon as practical after I have finished
– not leave my computer terminal unattended whilst logged in to
Name of staff member
Privacy and your personal information
Personal information is protected by law, including the
Privacy Act 1988
, and is collected by the Australian Government
Department of Human Services for the assessment and
administration of payments and services.
Information may be used by the department or given to other
parties for the purposes of research, investigation or where agreed
or it is required or authorised by law.
You can get more Information about the way in which the
Department of Human Services will manage personal information,
by requesting a copy from the department.
On completion of this form,
please print and sign by hand
click to sign
click to edit