Recommended Password Guidelines for Admins and Users

Ink

Jan 8, 2011
These pointers can be applied in a home environment.

Quoted from Password policy recommendations for Office 365

Password guidelines for administrators
The primary goal of a more secure password system is password diversity. You want your password policy to contain lots of different and hard to guess passwords. Here are a few recommendations for keeping your organisation as secure as possible.
  • Maintain an 8-character minimum length requirement (longer isn't necessarily better)
  • Don't require character composition requirements. For example, *&(^%$
  • Don't require mandatory periodic password resets for user accounts
  • Ban common passwords, to keep the most vulnerable passwords out of your system
  • Educate your users to not re-use their organisation passwords for non-work related purposes
  • Enforce registration for multi-factor authentication
  • Enable risk-based multi-factor authentication challenges

Password guidance for your users
Here's some password guidance for users.
  • Don't use a password that is the same or similar to one you use on any other websites
  • Don't use a single word, for example, password, or a commonly-used phrase like Iloveyou
  • Make passwords hard to guess, even by those who know a lot about you, such as the names and birthdays of your friends and family, your favourite bands, and phrases you like to use

Keep reading for Some negative Impacts of Password Expiration Policies
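
A password check along the lines of the guidelines quoted above, as an added example that is not part of the original post or of the quoted Office 365 guidance. The function names, the small ban list, the substitution table and the `personal_terms` parameter are assumptions made for illustration.

```python
import re

MIN_LENGTH = 8  # the 8-character minimum from the admin guidelines

# Constructed sample ban list; a real deployment would load a much larger one.
BANNED = {"password", "iloveyou", "qwerty", "letmein", "welcome"}

# Common character substitutions undone before comparing with the ban list.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(text):
    """Lower-case, drop leading/trailing padding, undo substitutions."""
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", text.lower())
    return re.sub(r"[^a-z]", "", stripped.translate(LEET))


def check_password(password, personal_terms=()):
    """Return the reasons to reject a password; an empty list means accepted.

    personal_terms is a hypothetical per-user list (names, birth years,
    favourite bands). No character-composition rule is applied.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")

    core = normalize(password)
    # A banned word dressed up with digits or symbols is still banned.
    if core in BANNED:
        problems.append("common password")

    digits = re.sub(r"\D", "", password)

    def hits(term):
        # Numeric terms (birth years) are matched against the digits only.
        if term.isdigit():
            return term in digits
        needle = normalize(term)
        return bool(needle) and needle in core

    if any(hits(term) for term in personal_terms):
        problems.append("contains personal information")
    return problems
```

A long lower-case passphrase passes because nothing here demands symbols or digits, while a banned word with substitutions and a trailing digit is still rejected.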
 
