Implementing a password policy in your company is an easy first step in protecting against costly cyberattacks. Modern hackers are using advanced password software that can use a variety of methods to gain your login information. To combat these hackers and protect your data, strong password guidelines is key. Below are password policy best practices you can easily implement across your organization to act as the first line of defense against a data breach.
Password Policy Best Practices
Having strict password standards in your company lowers the chances that hackers will be able to get access to your network. Implementing a strong password policy and revisiting it regularly will make sure you are staying on top of the latest hacking strategies. An effective password policy will include guidelines around:
Lockout rules will cause an account to be inaccessible due to too many failed login attempts, usually after a period before the account will self-reenable. Setting the password lockout to three or four attempts will slow the process of a password being guessed and potentially flag an account as being under attack.
Creating guidelines around password age will require a periodic password change for all users. We recommend changing passwords every 60 days. Keeping a password for a long period of time allows a hacker to have a prolonged amount of time for identifying a password. Additionally, there is a higher probability that the password will be reused or identified on the dark web.
Restrictions of Reusing Passwords
Reusing the same account password that was used previously on an organizational account is an extension of the password age parameter above, the longer a password is in use, the more time a hacker has to crack the password. We recommend your system remembering the last 24 passwords so an account is not able to reuse.
Password Complexity Requirements
Password complexity slows the process of a password being identified. Complexity requirements should include using uppercase letters, lowercase letters, numbers and symbols for every password created.
Password Length Requirements
Password length also slows the process and lessens the odds that a password would be guessed. We recommend using passwords of 14 characters or more.
Many of these policies are all within the same place on your network server. If your environment is large enough that it has centralized management, such as a domain controller, you can enforce the settings among your group all at once. If a domain controller is not present, applicable settings will have to be applied individually.
Anders Technology can help you develop a strong password policy and implement cybersecurity best practices to protect you and your organization. Contact an Anders advisor to see how we can help you mitigate security risk and defend against a costly cyberattack.All Insights