What are your password policies?

April 12, 2017

Your user accounts can be compromised due to weak and non-expiring passwords. If you don’t have a password policy, we recommend you implement one ASAP! The policy we choose depends on the security requirements of the organization; however, our starting point for most companies is:

  • Minimum 8 characters
  • Must include an upper case letter, lower case letter, and a number
  • Change passwords every 90 days
  • Don’t allow the last four passwords to be used

As a guideline, recommendations for strong passwords are:

  • Use passphrases instead of passwords. For instance, use the first letter from each of the words in the phrase “The Quick Brown Fox Jumps Over The Lazy Dogs!” – TqBfJoTlD! would be the passphrase.
  • Don’t use the word password, a child’s name, dates of birth or a pet’s name – or any other personally identifiable information.
  • Don’t use adjacent keyboard combinations, such as 123456 or qwerty.
  • Don’t write passwords down or store them in a file on your computer or mobile device.
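
The starting-point policy and the word and keyboard-run recommendations above, written as a Python check (an added example, not part of the original post). The function names, the fragment deny-list and the PBKDF2 iteration count are assumptions; the history check compares against stored salted hashes, so old passwords are never kept in plain text.

```python
import hashlib
import hmac
import os
import re
from datetime import datetime, timedelta

MIN_LENGTH = 8                   # "Minimum 8 characters"
MAX_AGE = timedelta(days=90)     # "Change passwords every 90 days"
HISTORY_DEPTH = 4                # "Don't allow the last four passwords"
ITERATIONS = 200_000             # assumed work factor; tune for your hardware
# Constructed deny-list: the word "password" plus adjacent-key runs.
WEAK_FRAGMENTS = ("password", "123456", "qwerty", "asdfgh", "zxcvbn")


def hash_password(password, salt=None):
    """Return (salt, digest); only this pair is stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def in_history(password, history):
    """history is a list of (salt, digest), newest last.
    Each entry has its own salt, so the candidate is re-hashed per entry."""
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            return True
    return False


def check_new_password(password, history):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not all(re.search(p, password) for p in (r"[A-Z]", r"[a-z]", r"[0-9]")):
        problems.append("needs upper case, lower case and a number")
    if any(frag in password.lower() for frag in WEAK_FRAGMENTS):
        problems.append("contains a common word or keyboard run")
    if in_history(password, history):
        problems.append("matches one of the last four passwords")
    return problems


def is_expired(last_changed, now=None):
    """True once the password is older than the 90-day maximum age."""
    return (now or datetime.now()) - last_changed > MAX_AGE
```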