Your organization can take every precaution to prevent a cyber-attack – firewalls, antivirus, antimalware, spam filter, etc. - but their greatest vulnerability is not lurking in the cyber shadows, they are sitting in your office. The failure to adhere to the employee password policy requirements could put your whole business at risk.
How to Enforce Password Policies for Your Business
Putting a password policy in place for your staff is only the first step towards ensuring a higher level of security. If this policy is not enforced, your staff could still be reverting to out-of-date password rules.
Fortunately, you don’t need to spend hours educating your team on password best practices to get peace of mind. You can enforce technical password requirements using the server located in your office or in the cloud.
7 technical password policy requirements
To protect your company data, your technical password policy should include the following:
1. Rethink password expiration policies
Studies have shown that requiring employees to change passwords often could do more harm than good. When forced to update passwords regularly, people tend to choose weaker and more predictable passwords that hackers can easily crack.
There are many cases where passwords need to be updated. For example, if passwords may have been compromised, ask your employees to update them.
2. Protects against hashing and duplicate passwords
Make sure team members cannot repeat previously used passwords. This includes password hashing, where the letters of old passwords are replaced with symbols and numbers. Algorithms can now guess hash patterns with impressive precision.
3. Do not allow passwords containing usernames
Including your name in your password is weak and predictable. Be sure to establish rules that do not allow this practice.
4. Enforce the length rules
Passwords must be at least 8 characters long. Give employees helpful tips to create even more secure passwords, such as using phrases or sentences.
5. Require password complexity
Strong passwords include an uppercase letter, a lowercase letter, a number, and a special character. Set these prerequisites for all employee passwords.
6. Use passphrases
Choosing phrases for your password that have a personal connection to your life, rather than words, is more difficult for someone to hack.
Use phrases like “I love puppies,” but make it unique by altering some of the letters to be numbers or symbols to get “Il0ve the Cub $ 2017”. A phrase about a sports team that you like is easy to remember and creates the required complexity.
7. Use two-factor authentication
Not only does it require a username and password, but multi-factor authentication also requires information that only the user knows. For example, the user will enter their username and password and then they will be asked to enter their phone number. The system will then send a unique code to the user’s phone and ask them to enter that code into the system before login is granted. This means that a hacker would need the credentials for the user’s mobile phone and account.