Security 101 07-16-2014

Creating Strong Password Policy Best Practices

Flavio Martins

With more of our private communication, financial transactions, and health care information being stored online, the accessibility of this information to users comes with serious security risks. A strong password policy is the front line of defense to confidential user information.

Administrators today play a more critical role than ever in educating and ensuring that users are aware of the security risks they face, and that they need to use strong passwords as a first line of defense from scammers and hackers.

Technology should facilitate, not complicate passwords

Technologies like one-time passwords, client certificates, smart cards, and biometrics can add layers to account security. Two-factor authentication combines multiple layers of security, thereby enhancing the overall security of the system. The more critical the system, the greater number of layers of authentication it should include.

However, the traditional password still remains the primary method of user authentication. And despite the number of layers included in the system, they all generally rely on a username and password combination. When creating a password policy, administrators should focus on these three key elements:

1. Understand what a strong password policy is

A password policy is a set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. Normally, a password policy is a part of the official regulations of an organization and might be employed as a section of the security awareness training.

Although most users understand the nature of security risks related to simple passwords, there’s still frustration when users are required to spend time attempting to create a password that meets an unfamiliar criteria or attempting to remember a previously created strong password.

2. Enforce using strong passwords

Passwords are a first line of protection against any unauthorized access into your personal computer. The stronger the password, the higher level of protection your computer has from malicious software and hackers.

A strong password isn’t just about one password, it’s important that you guarantee strong passwords for each account that you access through your computer. When you are utilizing a corporate network, the network administrator may encourage you to use a strong password.

To be able to create a strong password, you should be aware of the criteria to make one. These criteria basically include the following:

  • A strong password must be at least 8 characters long.
  • It should not contain any of your personal information — specifically, your real name, username or your company name.
  • It must be very unique from your previously used passwords.
  • It should not contain any word spelled completely.
  • A strong password should contain different types of characters, including uppercase letters, lowercase letters, numbers and characters.

3. Educate users to manage their strong passwords

Having a password like "eC<My!chO,quaj^of)naD}uM}rIew>Ap[Ek}E*quaC.eib(Tyb” is very secure. It contains most every element of a strong password. But how many users will remember a password like this? Chances are a strong password like this is written down on a piece of paper taped to the user’s monitor, underneath their keyboard or sitting in top their desk drawer. It might be even hidden among the random items on the user’s desk.

Users can instead relate their passwords to things they can easily remember, like a favorite sport or hobby. For instance, “I enjoy playing basketball” can be “IEnjoiPlay!ngB@$k3tb@ll11.” This is secure and could also be easily remembered by users.

Password management software like LastPass and Apple Keychain takes the hassle out of managing strong passwords. For less than the price of a soda, you can easily create and manage strong passwords . But the combinations are numerous and by just remembering one main strong password, you can rely on a password manager to take care of the rest.

4. Creating strong password policy best practices

A password may follow the traditional guidelines yet still be weak. Users who can’t remember their strong passwords and end up writing them down or constantly having to reset their passwords undermine the benefits of a strong password policy.

Passwords are one piece of the security puzzle in the enterprise. Keeping user accounts secure takes a combination of a thorough process for strong password creation and an easy-to-use system for users to follow to keep those passwords safe.


3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories


Pioneering the next wave of secure digital solutions 


4 best practices for bulk email senders



Driving digital trust with SOC 2-compliant DNS