Password Policy
A password policy is a set of rules designed to improve security by requiring users to choose strong passwords and to handle them properly, as defined by the company.
The scope of a password policy is not limited to minimum password requirements; it covers the whole life cycle of a password, including how it is handled, stored, and transmitted.
Password Policy Standards
Some security standards include a section on password policies or password guidelines. One requirement that appears in many of them is password expiration:
- Change your password periodically (e.g., every 90 days). Note that NIST SP 800-63B now advises against forcing periodic changes unless there is evidence that the password has been compromised.
Password Policy Recommendations
- Minimum of 8 characters.
- Include uppercase and lowercase letters.
- Include at least one number.
- Include at least one special character.
- It should not be the username.
- It should be changed every 60 days.
For example, a user chooses the password Inlanefreight01! and successfully registers his account. Although this password complies with the company policy, it is not secure and is easily guessable, because it uses the company name as part of the password.
Passwords like this can easily be mutated from a keyword list, so a good policy also blacklists certain words, which include, but are not limited to:
- Company’s name
- Common words associated with the company
- Names of months
- Names of seasons
- Variations on the word welcome and password
- Common and guessable words such as password, 123456, and abcde
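The recommendations and the blacklist above, written out as a checker. This is an added example, not code from the original page: it applies the complexity rules from the recommendations list, then searches the password for blacklisted words after undoing common character substitutions, so that mutated forms such as P@ssw0rd are caught as well. The company name inlanefreight is taken from the example above; the substitution table and the exact month and season spellings are assumptions.

```python
import string

# Complexity rules taken from the recommendations list on this page.
MIN_LENGTH = 8

# Blacklist categories from the page. "inlanefreight" is the company name used
# in the example password above; the month and season spellings are assumptions.
MONTHS = ["january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"]
SEASONS = ["spring", "summer", "autumn", "fall", "winter"]
BLACKLIST = sorted(
    set(["inlanefreight", "password", "welcome", "123456", "abcde"] + MONTHS + SEASONS),
    key=len, reverse=True,  # report the longest match first
)

# Substitutions commonly used to "mutate" a blacklisted word (e.g. P@ssw0rd).
# The table is an assumption; extend it to match the mutation rules you expect.
LEET = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})


def normalize(password: str) -> str:
    """Lower-case and undo common substitutions, so 'P@ssw0rd!' becomes
    'passwordi' and still contains the blacklisted word 'password'."""
    return password.lower().translate(LEET)


def complexity_failures(password: str, username: str) -> list[str]:
    """Return the recommendation rules the password violates (empty if none)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in string.punctuation for c in password):
        failures.append("no special character")
    if password.lower() == username.lower():
        failures.append("password equals username")
    return failures


def blacklisted_words(password: str) -> list[str]:
    """Blacklisted words found anywhere in the normalized password."""
    norm = normalize(password)
    return [w for w in BLACKLIST if w in norm]


def check_password(password: str, username: str) -> tuple[bool, list[str]]:
    """Full check: complexity rules plus blacklist. Returns (accepted, reasons)."""
    reasons = complexity_failures(password, username)
    reasons += [f"contains blacklisted word '{w}'" for w in blacklisted_words(password)]
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample inputs: the page's example plus a few mutations.
    for user, pw in [("mark", "Inlanefreight01!"), ("mark", "P@ssw0rd1"),
                     ("mark", "Winter2024!"), ("mark", "Tr0ub4dor&3")]:
        ok, why = check_password(pw, user)
        print(f"{pw!r}: {'accepted' if ok else 'rejected: ' + '; '.join(why)}")
```

Inlanefreight01! passes every complexity rule and is rejected only by the blacklist, which is exactly the gap the paragraph above describes: complexity rules alone do not stop a password built from the company name.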
Enforcing Password Policy
A policy only helps if the system enforces it. For example, if we use Active Directory for authentication, we need to configure an Active Directory Password Policy GPO so that users are forced to comply with our password policy.
Creating a Good Password
Let’s use PasswordMonster, a website that helps us test how strong our passwords are, and the 1Password Password Generator, another website, to generate secure passwords.
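A generator that produces passwords satisfying the recommendations above, plus a rough strength estimate of the kind a strength meter reports. This is an added example, not code from the page or from either website named; the entropy formula assumes every character was drawn uniformly from the union of the character classes present, which is an upper bound for human-chosen passwords.

```python
import math
import secrets
import string

# Character classes required by the recommendations above.
UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits
SPECIAL = string.punctuation
MIN_LENGTH = 8


def generate_password(length: int = 16) -> str:
    """Return a random password of the given length containing at least one
    character from each class. `secrets` (not `random`) is used so the
    output is unpredictable."""
    if length < MIN_LENGTH:
        raise ValueError(f"policy minimum is {MIN_LENGTH} characters")
    # One character from every class guarantees the complexity rules...
    chars = [secrets.choice(UPPER), secrets.choice(LOWER),
             secrets.choice(DIGITS), secrets.choice(SPECIAL)]
    # ...and the rest is drawn from the full pool.
    pool = UPPER + LOWER + DIGITS + SPECIAL
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    # Shuffle so the guaranteed characters do not always sit at the start.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def estimate_bits(password: str) -> float:
    """Rough entropy estimate (assumption: each character chosen uniformly from
    the union of the classes present). Strength meters report numbers of this
    kind; it overestimates passwords built from words or company names."""
    pool = 0
    for cls in (UPPER, LOWER, DIGITS, SPECIAL):
        if any(c in cls for c in password):
            pool += len(cls)
    return len(password) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    pw = generate_password(16)
    print(pw, f"~{estimate_bits(pw):.0f} bits")
    print("password", f"~{estimate_bits('password'):.0f} bits")
```

A 16-character password from all four classes scores about 105 bits by this measure, while the eight lower-case letters of "password" score about 38; the estimate says nothing about whether the word is on a blacklist, which is why the blacklist check above is still needed.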