A strong, unique password is one of the top recommendations in any cybersecurity plan. Strong passwords help prevent unauthorized access to your employees’ accounts and devices, and a clearly defined, technically enforced password policy is key to safeguarding your organization’s information.
So, what makes a strong password policy?
- Set Length and Complexity Requirements: Require a minimum length and a mix of upper- and lowercase letters, digits and special characters. Most policies set the minimum somewhere between 8 and 15 characters; every extra character multiplies the work an attacker needs to guess or brute-force the password, so length matters more than any single character class. Keep in mind that NIST SP 800-63B advises against strict composition rules, because forced character classes tend to produce predictable patterns such as “Password1!”; treat length and weak-password screening as the primary controls and complexity as a supplement. Additionally, reject any password that contains the user’s name, username or other identifying information.
- Check for Weak Passwords: The most common password found in breach data is still “123456,” followed closely by “password” and “qwerty.” Screen every new password against a deny list of the most common and previously breached passwords (for example the Have I Been Pwned “Pwned Passwords” corpus) rather than relying on guidelines alone, and reject sequential or repeated runs of characters such as “abcd,” “1234” or “aaaa.”
- Enforce Password Age Resets: Configure how long a password can be used before the employee is required to change it. Traditional guidance sets a maximum age of 90 – 120 days. Be aware, however, that NIST SP 800-63B now recommends against forcing periodic changes, because users respond with predictable increments (“Summer2023!” becomes “Summer2024!”); whatever age limit you choose, require an immediate change whenever there is evidence that a password has been compromised, and pair the age limit with reuse and variation checks so that a forced change actually produces a new password.
- Restrict Password Reuse: Do not allow employees to reuse an old password or a trivial variation of one (changing the case or bumping a trailing number). Many users will want to reuse an old password because it is easier to remember; the best practice is to enforce a password history of at least 5 previous passwords. Note that exact reuse is checked by comparing the new password against stored hashes of the old ones, but a variation check needs the plaintext, so it can only be run against the current password at the moment the user changes it.
- Require a Unique Password: 73% of users have the same password for multiple sites, and 33% of people use the same password every time. Attackers exploit this through credential stuffing, replaying username and password pairs leaked from one breach against every other service. Requiring a password that is unique to your organization protects the business when an employee’s credentials are compromised elsewhere.
- Use Multi-Factor Authentication: Multi-factor authentication (MFA) adds an extra layer of security. A strong password is the first line of defense, but it should not be the only one. With MFA enabled, a stolen or guessed password is not enough on its own, because the user must also present a second factor such as a hardware security key, an authenticator app or a one-time code. Prefer phishing-resistant factors (FIDO2/WebAuthn security keys or passkeys) over SMS codes, which can be intercepted or phished.
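The checks in the list above (length, character classes, a weak-password deny list, sequential or repeated runs, identifying information, password history and trivial variations) can all be enforced at the point where a user sets a new password. The following Python validator is an added example written for this article, not code from the original page or from any particular product. It assumes a 12-character minimum and a six-entry constructed deny list; a real deployment would load a breach corpus in place of that list, and would store password hashes with Argon2id or bcrypt rather than the PBKDF2 used here so the example runs on the standard library alone. It also generalizes the article’s “consecutive letters or numbers” rule to cover both sequential runs (“abcd”, “4321”) and repeated runs (“aaaa”).

```python
import hashlib
import os
import re
from dataclasses import dataclass

# Constructed deny list for this example only. Screen against a breach corpus
# such as Have I Been Pwned's Pwned Passwords in a real deployment.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "12345678", "letmein", "password1"}


@dataclass(frozen=True)
class Policy:
    min_length: int = 12      # assumed value inside the article's 8-15 character band
    max_length: int = 128
    min_classes: int = 4      # upper, lower, digit, special: the article's complexity rule
    max_run: int = 3          # longest permitted run; "abc" passes, "abcd" and "1111" fail
    history_size: int = 5     # the article's "at least 5 previous passwords"


def count_char_classes(pw: str) -> int:
    """Number of character classes present out of lower, upper, digit, special."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for p in patterns if re.search(p, pw))


def longest_run(pw: str) -> int:
    """Longest run of adjacent characters that repeat (aaaa) or step by +/-1 (abcd, 4321)."""
    best = min(len(pw), 1)
    for step in (-1, 0, 1):
        run = 1
        for a, b in zip(pw, pw[1:]):
            run = run + 1 if ord(b) - ord(a) == step else 1
            best = max(best, run)
    return best


def contains_identity(pw: str, identity_terms) -> bool:
    """True if any identifying term of 3+ characters (username, name parts) appears, ignoring case."""
    low = pw.lower()
    return any(len(t) >= 3 and t.lower() in low for t in identity_terms)


def normalise(pw: str) -> str:
    """Strip the tweaks users make to recycle a password: case and trailing digits/punctuation."""
    return re.sub(r"[^a-z]+$", "", pw.lower())


def is_variation(new_pw: str, old_pw: str) -> bool:
    """Catches Summer2023! -> Summer2024! and password -> Password1. Needs both plaintexts."""
    a, b = normalise(new_pw), normalise(old_pw)
    return bool(a) and bool(b) and (a == b or (len(b) >= 4 and b in a) or (len(a) >= 4 and a in b))


def hash_password(pw: str, salt: bytes) -> bytes:
    # PBKDF2 keeps the example dependency-free; prefer Argon2id or bcrypt for real storage.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 200_000)


def in_history(pw: str, history) -> bool:
    """history is a list of (salt, digest) pairs for previous passwords, newest first."""
    return any(hash_password(pw, salt) == digest for salt, digest in history)


def check_password(pw, identity_terms, history, current_pw=None, policy=Policy()):
    """Return a list of violation codes in policy order; an empty list means the password passes."""
    errors = []
    if not policy.min_length <= len(pw) <= policy.max_length:
        errors.append("length")
    if count_char_classes(pw) < policy.min_classes:
        errors.append("complexity")
    if pw.lower() in COMMON_PASSWORDS:
        errors.append("common")
    if longest_run(pw) > policy.max_run:
        errors.append("sequence")
    if contains_identity(pw, identity_terms):
        errors.append("identity")
    if in_history(pw, history[: policy.history_size]):
        errors.append("reused")
    # The variation check can only run against the current password, which the user
    # supplies in plaintext during a change; older entries exist only as hashes.
    if current_pw is not None and is_variation(pw, current_pw):
        errors.append("variation")
    return errors


def remember(pw, history, policy=Policy()):
    """Push an accepted password onto the history, keeping only the newest history_size hashes."""
    salt = os.urandom(16)
    return [(salt, hash_password(pw, salt))] + history[: policy.history_size - 1]


if __name__ == "__main__":
    # Constructed walk-through: user jdoe changes a password, then tries to recycle it.
    terms = ["jdoe", "John", "Doe"]
    history = remember("Correct-Horse-42!", [])
    print(check_password("password", terms, history))                                  # ['length', 'complexity', 'common']
    print(check_password("JohnDoe2024!", terms, history))                              # ['identity']
    print(check_password("Correct-Horse-43!", terms, history, current_pw="Correct-Horse-42!"))  # ['variation']
    print(check_password("Tr0ub4dor&Mango-Lamp", terms, history, current_pw="Correct-Horse-42!"))  # []
```

Returning every violation at once, rather than stopping at the first, lets the change form tell the user exactly what to fix. Because `in_history` only ever sees salted hashes, the reuse check is safe to run against stored data, whereas `is_variation` is deliberately limited to the current password for the reason given in the reuse item above.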
A strong password policy is the first step in your organization’s defense against cyber threats.