
October 7, 2021

Is Your Password Policy Strong Enough to Outsmart Cybercriminals?

October is National Cybersecurity Awareness Month, and while keeping up with the latest cyber threats is a year-round responsibility, this month we’re sharing tips to raise awareness about the importance of cybersecurity. We understand that for many businesses, getting started is the hardest part. Implementing a password policy in your company is an easy first step in protecting against costly cyberattacks.

Modern hackers use advanced password-cracking software that can apply a variety of methods to obtain your login information. To combat these hackers and protect your data, strong password guidelines are key. Below are password policy best practices you can easily implement across your organization to act as the first line of defense against a data breach.

Password Policy Best Practices

Having strict password standards in your company lowers the chances that hackers will be able to get access to your network. Implementing a strong password policy and revisiting it regularly will make sure you are staying on top of the latest hacking strategies. An effective password policy will include guidelines around:

Password Lockout

Lockout rules make an account inaccessible after too many failed login attempts, usually for a set period after which the account re-enables itself. Setting the lockout threshold to three or four attempts slows down password guessing and can flag an account as being under attack.

Password Age

Creating guidelines around password age requires a periodic password change for all users. Our recommendations align with the Center for Internet Security, which suggests changing passwords at least every 365 days, or earlier if there is an indicator of compromise, a change of user roles, or a user leaves the organization.

Restrictions of Reusing Passwords

Restricting the reuse of passwords previously used on an organizational account is an extension of the password age parameter above: the longer a password is in use, the more time a hacker has to crack it. We recommend that your system remember the last 24 passwords so that none of them can be reused.

Password Complexity Requirements

Password complexity slows the process of a password being identified. Complexity requirements should include using uppercase letters, lowercase letters, numbers and symbols for every password created.

Password Length Requirements

Password length is a common yet important debate in the cybersecurity industry. A longer password slows the hacking process and lessens the odds that the password would be guessed. Some governance organizations and authorities, such as the Center for Internet Security and Microsoft, suggest maintaining passwords with at least 8 characters and multi-factor authentication (MFA) enabled. We recommend using passwords of 14 characters or more and all accounts with remote access or administrative rights to have MFA enabled.

Many of these settings live in the same place on your network server. If your environment is large enough to have centralized management, such as a domain controller, you can enforce the settings across every account in the domain at once. If a domain controller is not present, the applicable settings have to be applied on each machine individually.
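As an added example (not part of the original article), the following PowerShell applies the lockout, age, history, complexity and length values recommended above to an Active Directory domain's default password policy and then reads the policy back to confirm; the domain name is a placeholder, and it assumes the ActiveDirectory RSAT module and Domain Admin rights. The `net accounts` lines at the end cover the standalone-machine case the paragraph mentions.

```powershell
# Added example, not code from the Anders article. Run on a domain-joined
# admin workstation or a domain controller with the ActiveDirectory module.
Import-Module ActiveDirectory

$domain = 'example.local'   # placeholder: use your own domain's DNS name

# One hashtable holding the policy values from the article, splatted into the cmdlet.
$policy = @{
    Identity                 = $domain
    LockoutThreshold         = 4                         # failed attempts before lockout
    LockoutDuration          = New-TimeSpan -Minutes 30  # how long the account stays locked
    LockoutObservationWindow = New-TimeSpan -Minutes 30  # window in which failures are counted
    MaxPasswordAge           = New-TimeSpan -Days 365    # force a change at least yearly
    PasswordHistoryCount     = 24                        # remembered passwords that cannot be reused
    ComplexityEnabled        = $true                     # upper, lower, digit and symbol classes
    MinPasswordLength        = 14                        # the article's recommended minimum
}
Set-ADDefaultDomainPasswordPolicy @policy

# Read the policy back and compare each value, so a typo or a setting that was
# silently rejected is caught instead of assumed to be in force.
$applied  = Get-ADDefaultDomainPasswordPolicy -Identity $domain
$expected = $policy.Clone()
$expected.Remove('Identity')
$mismatches = foreach ($name in $expected.Keys) {
    if ($applied.$name -ne $expected[$name]) {
        "{0}: expected {1}, found {2}" -f $name, $expected[$name], $applied.$name
    }
}
if ($mismatches) { Write-Warning ($mismatches -join "`n") }
else             { Write-Host "Domain password policy matches the recommended values." }

# Standalone machine (no domain controller): the same values, applied locally.
# Complexity cannot be set with net accounts; it lives in Local Security Policy
# (secpol.msc) under Account Policies > Password Policy.
# net accounts /lockoutthreshold:4 /lockoutduration:30 /lockoutwindow:30 `
#              /maxpwage:365 /uniquepw:24 /minpwlen:14
```

Accounts with remote access or administrative rights still need MFA enabled separately, as recommended above; this policy only governs the password itself.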

Anders Technology can help you develop a strong password policy and implement cybersecurity best practices to protect you and your organization. Contact an Anders advisor to see how we can help you mitigate security risk and defend against a costly cyberattack.
