[vc_column_text]
A proper password policy is just as important as any other IT security control. The password policy determines what requirements a new password must meet and how long it remains valid. The following rules are recommended for a good password policy:
- User account passwords must be at least 10 characters long. For domain admins, use passphrases of at least 15 characters. A good passphrase is easy to remember and type, but hard to crack because of its length.
- Passwords should contain lowercase and uppercase letters, numbers, and special characters. They must not include the user's name (or first name), and must not use the same character three times in a row. If possible, do not allow the same word to be repeated back to back (e.g.: threethreethree).
- On password change, use password history to prevent previous passwords from being reused. Keep a history of at least the last 10 passwords.
- Passwords should be changed every 90 days and passphrases every 180 days. A changed password should not be replaceable again for 3-7 days (minimum password age), which prevents the user from cycling straight back to an old password.
- Local administrator passwords should be changed every 180 days and service account passwords every year.
- Notify users by email about passwords that are close to expiry so that they can change them before the expiration date.
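The composition rules above (length per role, character classes, no username fragment, no triple repeat, no repeated word, history depth) as an added validator; this is example code written for this article, not part of the original page or of any of the products named below. The SHA-256 history store and the username splitting on dots, spaces, underscores and hyphens are assumptions for the example.

```python
import re
from hashlib import sha256  # stand-in for the real password-history store

# Thresholds taken from the policy above
MIN_LEN_USER = 10
MIN_LEN_ADMIN = 15
HISTORY_DEPTH = 10

def hash_for_history(password: str) -> str:
    """Digest kept in the (assumed) history list instead of the clear text."""
    return sha256(password.encode()).hexdigest()

def _contains_repeated_word(password: str, min_len: int = 3) -> bool:
    """True if a chunk of min_len+ characters appears twice back to back
    (e.g. 'threethreethree'). Case-insensitive."""
    lowered = password.lower()
    n = len(lowered)
    for size in range(min_len, n // 2 + 1):
        for start in range(0, n - 2 * size + 1):
            if lowered[start:start + size] == lowered[start + size:start + 2 * size]:
                return True
    return False

def check_password(password: str, username: str, is_admin: bool = False, history=()):
    """Return the list of violated rules; an empty list means the policy is met.
    `history` holds hash_for_history() digests of the user's previous passwords."""
    problems = []
    min_len = MIN_LEN_ADMIN if is_admin else MIN_LEN_USER
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    # Each class must be present at least once
    classes = [re.search(p, password) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")]
    if not all(classes):
        problems.append("must mix lowercase, uppercase, digits and special characters")
    lowered = password.lower()
    for part in re.split(r"[.\s_-]+", username.lower()):  # "john.smith" -> john, smith
        if len(part) >= 3 and part in lowered:
            problems.append(f"contains part of the username ({part!r})")
    if re.search(r"(.)\1\1", password):  # same character three times in a row
        problems.append("same character three times in a row")
    if _contains_repeated_word(password):
        problems.append("repeats the same word back to back")
    if hash_for_history(password) in list(history)[-HISTORY_DEPTH:]:
        problems.append(f"matches one of the last {HISTORY_DEPTH} passwords")
    return problems
```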
Because a company has many systems and services that use different passwords, you may want to choose a corporate-level password management solution (e.g.: Keeper, Thycotic Secret Server, CyberArk Enterprise Password Vault, LastPass, Lieberman RED Identity Management, Dashlane, One Identity, 1Password). Passwords can be stored safely in these, and you can also set permissions on who may access them. Users then only need to remember the one password for the password management service itself, but it is also worth enabling two-factor authentication on it.