Your user accounts can be compromised due to weak and non-expiring passwords. If you don’t have a password policy, we recommend you implement one ASAP! The policy we choose can depend on the security requirements of the organization, however, our starting point for most companies is:
- Minimum 8 characters
- Must include an upper case letter, lower case letter, and a number
- Change passwords every 90 days
- Don’t allow the last four passwords to be used
As a guideline, recommendations for strong passwords are:
- Use passphrases instead of passwords. For instance, use the first letter from each of the words in the phrase “The Quick Brown Fox Jumps Over The Lazy Dogs!” – TqBfJoTlD! would be the passphrase.
- Don’t use the word password, a child’s name, dates of birth or a pet’s name – or any other personally identifiable information.
- Don’t use adjacent keyboard combinations, such as 123456 or qwerty
- Don’t write passwords down or store them in a file on your computer or mobile device