We need to talk about the “Janet” in your office. You know the one. Sticky notes all over the desk and monitor labeled:

“MailChimp: Username/Password1”

Passwords are the front line of defense for your business. In most cases, a password is all that separates someone from your email, computer, and network access, and all the sensitive information they contain.

Password policies are company-wide initiatives to make sure that line of defense is as strong as possible.

Here are a few starters for setting up an effective password policy.

1. Change your password every 6 months.

Keeping a password for too long exposes you to more vulnerabilities over time. In the event of an unknown breach, changing passwords also blocks out unwelcome parties.

2. But keep your password for a minimum of 3 months.

Hackers often try to circumvent the “I forgot my password” system. By setting your systems to require that a password be kept for 3 months without system administrator intervention, you reduce both the window for that type of attack and the probability that it occurs.

3. Don’t use an old password.

This is an easy one. Older passwords have been around longer, thus increasing the chances that they may have been compromised. In the event they were secure and just phased out, make sure you have changed the password 10 times since.

4. Use complex passwords

The more intricate you can make your password, the better. Use capitalization, numbers, and symbols. One way to make it easy to remember is to replace letters with similar-looking symbols. Like: P@$$w0rd – but don’t actually use “password.”

5. Password Length

This one is easy. 8 characters. MINIMUM.

6. Have you heard of passphrases?

Passphrases are pseudo-sentences that can be significantly longer than passwords.

Like: Please lease lemon pledge (because who is going to guess that?)

Using passphrases instead of passwords is just another way to decrease the risk of an account being breached.

7. Password Expiration Emails

Automated emails notify employees when it is almost time to change a password. This keeps your employees aware of when passwords will need to be changed, before they get locked out of an account.

8. “But keeping different complex passwords is difficult!”

It doesn’t have to be. Both Google and Apple have “keychain” features that store and update passwords as necessary.

If you are looking for a more secure option than something usable by anyone with access to your device, 1Password stores passwords securely and lets you use them while only having to remember one password.
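Rules 1 to 5 above can be enforced in code at the moment a user changes a password. The sketch below is an added example, not something from the original article or from any product it names; the function names, the day counts used for "3 months" and "6 months", the requirement of all four character classes, and the PBKDF2 settings are assumptions.

```python
import hashlib
import hmac
import os
import string
from datetime import timedelta

# Limits from rules 1-5 above. Day counts are an assumption: the article
# says "6 months" and "3 months" without defining a month.
MAX_AGE = timedelta(days=182)
MIN_AGE = timedelta(days=91)
HISTORY_DEPTH = 10
MIN_LENGTH = 8
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def hash_password(password, salt=None):
    """Return (salt, digest); history is stored hashed, never as plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def in_history(password, history):
    """True if password matches one of the last HISTORY_DEPTH entries."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history[-HISTORY_DEPTH:]
    )


def check_change(new_password, history, last_changed, now):
    """Return the list of rules a user-initiated change would break."""
    problems = []
    if now - last_changed < MIN_AGE:
        problems.append("minimum age")
    if len(new_password) < MIN_LENGTH:
        problems.append("length")
    if not all(any(ch in cls for ch in new_password) for cls in CLASSES):
        problems.append("complexity")
    if in_history(new_password, history):
        problems.append("history")
    return problems


def is_expired(last_changed, now):
    """Rule 1: the password is due for a change after 6 months."""
    return now - last_changed >= MAX_AGE
```

Because each history entry has its own salt, the reuse check re-hashes the candidate once per stored entry, which is why the history is kept short and ordered oldest to newest.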


Founded in 1999, ITonDemand helps businesses and associations across the US achieve growth by guiding and supporting IT infrastructure and providing cybersecurity management. ITonDemand’s Core Solution and Security+ have been recognized among both Managed Services and Cybersecurity Providers as a member of the MSP Pioneer 250 and the Top 200 MSSPs.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471