Skip to content
Verity IT - Managed IT Support - Logo
Search
  • Managed IT Services
    • Managed IT Support
    • IT Security Services
    • Telecommunications & Connectivity Services 
    • IT Projects
    • IT Strategy & Planning
    • Managed Cloud Services
  • About Us
    • About Us
    • Careers
  • Industries
    • IT Support for Accounting Firms
    • IT Support for Architects
    • IT Services for Construction
    • Healthcare IT Support
    • IT Services for Law Firms
    • IT Services for Local Government
    • IT Services for Long Term Care Facilities
    • Manufacturing IT Support
    • IT Services for NonProfits
    • Real Estate IT Support
  • Contact Us
  • Resources
    • IT Security Assessments
    • Blog – Managed IT Services Best Practices
    • Managed IT Support Success Stories
    • Customer Portal
    • Events
    • F.A.Q.’s
    • Referral Program
    • Webinars
  • Search

Password Policies: The Key to Business Security

Password policies are a set of rules created to increase cybersecurity by encouraging users to create reliable, secure passwords and then store and utilize them properly. A strong password policy is the front line of defense in protecting online transactions, personal communications and private information.

This is why system administrators play a major role in making sure that each user is well aware of the cybersecurity risks they face every day. To achieve this, they need strong password policies and best practices.

Here are some examples of password policy best practices that every system administrator should implement:

1. Enforce History Policy

The Enforce Password History Policy will set how often an old password can be reused. This policy will discourage users from reusing a previous password, which in turn, will prevent them from alternating between several common passwords.

2. Minimum & Maximum Age Policy

The Minimum Password Age Policy will prevent a user from dodging the password system by using a new password and then changing it back to their old one. To prevent this, the specific minimum age should be set from three to seven days, making sure that users are less prone to switch back to an old password. Users are still able to change it in a reasonable amount of time.

The Maximum Password Age Policy determines how long users can keep a password before they are required to change it. This policy forces the user to change their passwords regularly. To ensure your network’s security, you should set the value to 90 days for passwords and 180 days for passphrases.

3. Minimum Length Policy

This policy determines the minimum number of characters needed to create a password. You should set the minimum password length to at least eight characters since long passwords are harder to crack than short ones. For even greater security, you could set the minimum password length to 14 characters.

A word of advice: If you haven’t changed the default setting, you should change it immediately! Sometimes the default is set to zero characters (meaning that it allows empty passwords).

4. Passwords Must Meet Complexity Requirements Policy

By enabling the Passwords Must Meet Complexity Requirements Policy, you’ll ensure that every password is secured following these guidelines:

Password copy

• Passwords can not contain the username or parts of the user’s full name (i.e.: their first name).

• Passwords must use at least three of the four available character types: lowercase letters, uppercase letters, numbers and symbols.

5. Strong Passphrase Policy

Strong passphrases with a minimum of 15 characters should always be used to protect domain administrator accounts. While passwords and passphrases serve the same purpose — passwords are usually short, hard to remember and easy to crack, while passphrases are easier to remember and type but much harder to crack due to length.

6. Password Audit Policy

Enabling the Password Audit Policy allows you to track all password changes. By monitoring the modifications that are made, it is easier to track potential security problems. This helps to ensure user accountability and provides evidence in the event of a security breach.

It is so important to educate your users on how to manage their passwords. Passwords are only one piece of the security puzzle. Security Awareness Training is a great way to keep your user accounts safe — never forget that a chain is only as strong as its weakest link.

Ready to Get Started with Managed IT Services?

Contact Us Today
Posted in BlogTagged Cybersecurity

Post navigation

  Previous PostNext Post 
verity-it-white-logo

Verity IT provides Managed IT services, cybersecurity, and cloud services to help your business stay secure and run smoothly. With offices in Chicago, Nashville, Orlando, and Fort Myers/Naples, we are well-positioned to serve businesses across these regions. Our team is here to ensure your technology works for you, allowing you to focus on what you do best.

IT Services

Managed IT Services

IT Security Services

Telecommunications & Connectivity

IT Projects

IT Strategy & Planning

Cloud Services

About Us

About Us

Careers

Contact Us

Customer Portal

IT Resources

IT Security Assessments

Blog

Case Studies

Events

FAQ

Referral Program

Webinars

Chicago IT Support

2001 Butterfield Road, Suite 102 
Downers Grove, Illinois 60515

Nashville IT Support

1204 S Main St., Suite D 
Columbia, Tennessee 38401

Orlando IT Services 

1800 Pembrook Drive 
Orlando, Florida 32810

Fort Myers IT Support

Naples, Florida 34109

©2024 Verity IT, LLC

Privacy Policy

  • LinkedIn
  • Facebook
  • YouTube
Search for:
Customer IT Support: 224-345-2640 or
[email protected]
This is default text for notification bar
Learn more