Password Policy Guidelines

Password Length:

Minimum 8 to 12 characters.


Complexity Requirements:

Include uppercase and lowercase letters, numbers, and special characters.


Password History:

Prohibit reuse of recent passwords.


Password Expiration:

Change passwords every 90 days.


Account Lockout Policy:

Temporarily lock accounts after a set number of failed login attempts.


Two-Factor Authentication (2FA):

Encourage or require the use of 2FA.


Educational Resources:

Provide guidance on creating strong, memorable passwords.


Password Storage:

Use secure hashing methods with salting.


Communication:

Clearly communicate the policy to all users.


Regular Audits:

Periodically audit passwords and prompt updates as needed.

Monitoring and Alerts:

Implement monitoring for unusual password-related activities.
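
The Password Length, Complexity Requirements, Password History and Password Storage items above, combined into one password-change check, as an added example that is not part of the original guidelines. The history depth of 5, the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations, and all function names are assumptions; the guidelines do not specify them.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8               # lower bound of the "8 to 12 characters" guideline
HISTORY_DEPTH = 5            # assumed: the guidelines do not say how many count as "recent"
PBKDF2_ITERATIONS = 600_000  # assumed work factor, not taken from the guidelines


def complexity_errors(password):
    """Return the length/complexity requirements the candidate fails."""
    checks = {
        f"at least {MIN_LENGTH} characters": len(password) >= MIN_LENGTH,
        "an uppercase letter": any(c.isupper() for c in password),
        "a lowercase letter": any(c.islower() for c in password),
        "a number": any(c.isdigit() for c in password),
        "a special character": any(c in string.punctuation for c in password),
    }
    return [name for name, ok in checks.items() if not ok]


def hash_password(password, salt=None):
    """Derive a salted hash; each stored password gets its own random salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def matches(password, record):
    """Re-derive with the stored salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def change_password(history, new_password):
    """Validate and store a new password. history holds (salt, digest)
    records, newest last. Returns a list of errors; empty means accepted."""
    errors = complexity_errors(new_password)
    # Salts differ per record, so reuse is detected by re-hashing the
    # candidate against each stored salt, never by comparing plaintext.
    if any(matches(new_password, rec) for rec in history[-HISTORY_DEPTH:]):
        errors.append("must not reuse a recent password")
    if not errors:
        history.append(hash_password(new_password))
        del history[:-HISTORY_DEPTH]  # keep only the most recent records
    return errors
```

Only salts and digests are ever kept, so the history check works without retaining any plaintext password.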