Implementing a Password Policy
Every year, on the first Thursday in May, World Password Day is observed across the globe. No need to worry if you missed the celebration – we are continuing our password appreciation all month long. Intel started this tradition several years ago to bring awareness to something often overlooked: our passwords protect extremely valuable information, and it is important to use best practice methods when creating and maintaining passwords.
It can be easy to get in the habit of choosing passwords for convenience rather than protection. At Horizon, we work continually to protect your data and to educate users on the most current cyber security recommendations. If you do not currently enforce an agency password policy, we highly recommend implementing password guidelines as soon as possible.
Our security experts have compiled the following suggestions for strong, secure passwords.
- Maintain an 8–10-character minimum length requirement
- Require at least 1 special character (!, @, #, $, %, etc.)
- Ban common passwords from your system (password, 12345678, abc123, etc.)
- Users should NOT use their work passwords for non-work accounts
- When possible, enforce registration for Multi-Factor Authentication
- Enable risk-based multi-factor authentication challenges
- Once a strong password is in place, it is not necessary to change it unless you believe it may have been compromised. Previously, experts agreed that changing passwords regularly added security. More recently, the view is that the strength of the password is more important than continual, periodic updates.
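The length, special-character and banned-password rules above can be checked at the moment a password is set. The Python check below is an added example, not Horizon's own code: the function names, the 8-character floor (the low end of the range above), the use of `string.punctuation` as the special-character set and the three-entry ban list are assumptions. It goes slightly beyond the list by also rejecting a banned password that only has digits or punctuation tacked on.

```python
import string
import unicodedata

MIN_LENGTH = 8                      # assumption: low end of the 8-10 range
SPECIALS = set(string.punctuation)  # assumption: ASCII punctuation counts as "special"
# Constructed sample ban list taken from the examples in the list above;
# a real deployment would load a much larger list of common passwords.
BANNED = {"password", "12345678", "abc123"}


def _variants(candidate):
    """Yield normalized forms of the candidate to compare with the ban list.

    Case and Unicode form are folded so 'PASSWORD' matches 'password', and
    leading/trailing punctuation and digits are stripped so that
    'Password1!' is still recognised as a banned word with decoration.
    """
    norm = unicodedata.normalize("NFKC", candidate).casefold()
    yield norm
    yield norm.strip(string.punctuation)
    yield norm.strip(string.punctuation + string.digits)


def check_password(candidate):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")
    if not any(ch in SPECIALS for ch in candidate):
        problems.append("no_special_character")
    if any(v in BANNED for v in _variants(candidate)):
        problems.append("banned_common_password")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("abc123", "password", "Password1!", "12345678!", "Tr1cky#Otter"):
        result = check_password(pw)
        print(f"{pw!r}: {'OK' if not result else ', '.join(result)}")
```

The check returns every violation rather than stopping at the first, so a password-change form can show the user all the rules that still need to be met.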
Horizon IT Team – May 2021