How do you create an Enterprise Password Policy that actually gets used?

March 29, 2019

Article posted courtesy of: Thycotic

1. Take the human element out of the equation whenever you can – Use a password manager so that users never have to remember the passwords they use to log in to sensitive systems.
2. Remove unnecessary password rotations – I’m going to side with NIST’s proposed password policy changes on this one. Your organization should still enforce a strong password policy, but forcing users to pick a new password themselves leads to predictable patterns (the old password with a new suffix). If you have a password manager, automatic rotation is fine, because there is no downside when software, not a person, is generating and storing the new value.
3. Be careful with overly complex requirements – Remember, the harder you make a password to remember, the faster your employees will find shortcuts to remember it (writing it down, reusing it, following a pattern). If your policy requires a capital letter, a lower-case letter, a special character, a number, no two consecutive letters or numbers, and at least 12 characters, there is no way I’m going to remember that password. Never. Ever.
4. Two-Factor Authentication – Two-Factor Authentication (2FA) needs to become a mandatory requirement for anything that requires a password, paired with an alerting system that fires when a login is attempted without completing 2FA (an early sign of password compromise). Personally, I’ve had numerous accounts saved from breach by 2FA. There aren’t many ways for attackers to get around it, and honestly, their time is better spent going after accounts that don’t have 2FA.
5. Don’t think like an Admin – Ask what the average employee will actually do. Yes, they should protect their passwords. Yes, the passwords should all be unique. Yes, they should be hard to guess.
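To make points 2 and 3 concrete, here is an added example (not from the article or from Thycotic) that puts the composition rule quoted in point 3 side by side with a length-plus-blocklist check in the spirit of NIST SP 800-63B. The blocklist, the organization context words and the reading of "no two consecutive letters or numbers" as "no adjacent pair from the same character class" are all assumptions made for this example.

```python
import re

# Constructed stand-in for a breached-password corpus (real deployments
# screen against a large list such as a Have I Been Pwned download).
BREACHED = {"password", "p@ssw0rd", "welcome1", "summer2019!", "qwerty123"}
# Constructed organization-specific words that should never appear in a password.
CONTEXT_WORDS = {"thycotic", "cybrary"}


def legacy_check(pw: str) -> list:
    """The composition rule from point 3 of the article. Returns a list of
    violations; an empty list means the password is accepted."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12")
    if not re.search(r"[A-Z]", pw):
        problems.append("no uppercase")
    if not re.search(r"[a-z]", pw):
        problems.append("no lowercase")
    if not re.search(r"\d", pw):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special")
    # "No two consecutive letters or numbers", read here (assumption) as:
    # no two adjacent characters that are both letters or both digits.
    same_class = any((a.isalpha() and b.isalpha()) or (a.isdigit() and b.isdigit())
                     for a, b in zip(pw, pw[1:]))
    if same_class:
        problems.append("adjacent same-class chars")
    return problems


def modern_check(pw: str) -> list:
    """Length plus blocklist screening, no composition rules. Returns a list
    of violations; an empty list means the password is accepted."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12")
    norm = pw.lower()
    # Reject if the password equals or contains a known-breached value.
    if any(bad in norm for bad in BREACHED):
        problems.append("known breached")
    if any(word in norm for word in CONTEXT_WORDS):
        problems.append("contains context word")
    # Catch trivially repetitive strings such as "aaaaaaaaaaaa" or "ababababab".
    if len(set(pw)) <= 2:
        problems.append("repetitive")
    return problems
```

A memorable four-word passphrase passes the modern check but fails the legacy rule three times over, while a string that satisfies every legacy requirement is one no one could recall without writing it down.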

Do you have a watertight enterprise password policy in place?

Check out this free privileged password policy template. You can customize it to suit your organization.
