Password Policy Guidelines
Password Length:
Minimum 8 to 12 characters.
Complexity Requirements:
Include uppercase and lowercase letters, numbers, and special characters.
Password History:
Prohibit reuse of recent passwords.
Password Expiration:
Change passwords every 90 days.
Account Lockout Policy:
Temporarily lock accounts after a set number of failed login attempts.
Two-Factor Authentication (2FA):
Encourage or require the use of 2FA.
Educational Resources:
Provide guidance on creating strong, memorable passwords.
Password Storage:
Use secure hashing methods with salting.
Communication:
Clearly communicate the policy to all users.
Regular Audits:
Periodically audit passwords and prompt updates as needed.
Monitoring and Alerts:
Implement monitoring for unusual password-related activities.