How To Create A Password Policy for Your Company
Cyber threats and cyber attacks are increasing exponentially. Hackers are doing all they can, on a larger scale and faster, to get into your infrastructure and take what they want. Data and money are their aim, so protecting your company from these attacks is paramount.
A robust password policy across your organization can significantly reduce your exposure to cyber threats by ensuring that user credentials follow a stringent configuration requirement.
What is a Password Policy?
A password policy contains a set of configuration parameters that determines how passwords can be set and created. It will dictate the password length, password complexity, password uniqueness, password change frequency, password memory and even how passwords are stored.
The policy should be mandatory and enforced by the technology itself, so that no user can sign in unless their password meets the criteria set.
There are many organizations and frameworks such as GDPR, NIST and HIPAA that advise on data and access security, and these also recommend that passwords be secure. Depending on your location, customer base and data requirements, you should ensure that you follow the respective guidelines to stay compliant.
6 Things Your Password Policy Must Contain
1. Password Length: The password length policy should be a minimum of 12 alphanumeric characters with a special character included.
2. Password complexity: Ensure that there is password complexity enabled. This stops passwords such as passw0rd123 being used.
3. Account Lockout: Enable an account lockout setting so that the account is automatically locked after 3 failed attempts. Do not enable automatic unlocking after x minutes. For security, an administrator should always check the account before re-enabling it.
4. Inactive account lockout: If an account has not been used for four weeks (or similar), ensure that it is locked.
5. Enable Multi-Factor Authentication: It is probably one of the most critical user access security capabilities that a company should use. MFA provides an extra layer of protection should a user’s password be compromised.
6. Password dictionary: Put in place a password list lookup so that the system checks each new password against commonly used and compromised passwords. This ensures users can't put in something that is easy to guess or that has been routinely used.
The above six steps will significantly reduce your cyber threat risk when it comes to password hacking. They are relatively easy-to-implement changes that any IT Support team can adopt.
Your passwords are critical, so ensuring that you have a robust password policy can be the difference between an easy hack and a thwarted one.
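As an added example (not from the original article), here is a Python sketch of how a password-change handler could enforce items 1, 2 and 6 together. The word list, the character-substitution map and the function names are assumptions made for illustration; a real deployment would load a large list of compromised passwords.

```python
from __future__ import annotations
import re
import unicodedata

MIN_LENGTH = 12  # item 1: minimum of 12 characters

# Constructed sample list; stands in for a real compromised-password list (item 6).
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "welcome", "administrator"}

# Assumed map that undoes common character swaps before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def dictionary_core(password: str) -> str:
    """Reduce a password to the base word a guesser would try first."""
    text = unicodedata.normalize("NFKC", password).lower()
    # Drop digits and symbols padded onto either end, e.g. "123" or "2024!!".
    text = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", text)
    return text.translate(LEET)


def check_password(password: str) -> list[str]:
    """Return the policy violations found; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    # Items 1 and 2: alphanumeric (letters and digits) plus a special character.
    if not re.search(r"[A-Za-z]", password) or not re.search(r"\d", password):
        problems.append("needs both letters and digits")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a special character")
    # Item 6: look up the de-obfuscated base word, not the raw string.
    if dictionary_core(password) in COMMON_PASSWORDS:
        problems.append("based on a common password")
    return problems


if __name__ == "__main__":
    for candidate in ("passw0rd123", "P@ssw0rd2024!!", "Copper-Lantern-47-Orbit"):
        print(candidate, "->", check_password(candidate) or "accepted")
```

The second sample password satisfies the length and complexity rules but is still rejected by the dictionary lookup, which is why item 6 is needed alongside items 1 and 2.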
If you require IT support or advice on password policy, Teck Genius would be more than happy to assist.