Sun. Jan 22nd, 2023

Password policies

Your password policy should balance the need for security with the need for usability. The following are good recommendations:

The primary goal of a more secure password system is password diversity. You want your password policy to contain lots of different and hard to guess passwords. Here are a few recommendations for keeping your organization as secure as possible.

  • Maintain an 8-character minimum length requirement
  • Don’t require character composition requirements. For example, *&(^%$
  • Don’t require mandatory periodic password resets for user accounts
  • Ban common passwords, to keep the most vulnerable passwords out of your system
  • Educate your users to not re-use their organization passwords for non-work related purposes
  • Enforce registration for multi-factor authentication
  • Enable risk-based multi-factor authentication challenges

For a full document, please read this link.