{"id":2886,"date":"2022-04-01T12:34:00","date_gmt":"2022-04-01T12:34:00","guid":{"rendered":"https:\/\/sectigostore.com\/blog\/?p=2886"},"modified":"2022-03-24T22:34:51","modified_gmt":"2022-03-24T22:34:51","slug":"12-password-policy-best-practices-to-adopt-today","status":"publish","type":"post","link":"https:\/\/sectigostore.com\/blog\/12-password-policy-best-practices-to-adopt-today\/","title":{"rendered":"12 Password Policy Best Practices to Adopt Today"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\"><a href=\"https:\/\/www.verizon.com\/business\/resources\/reports\/dbir\/\">Verizon\u2019s 2021 DBIR<\/a> &nbsp;revealed that credentials were the most sought-after type of data in breaches. Credentials were stolen in 60% of breaches \u2014 more than medical, bank, or payment information. So, what password policy best practices can we adopt today to secure our accounts?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">According to Verizon\u2019s 2021 Data Breach Investigations Report (DBIR), 85% of social engineering attacks were launched to steal credentials. Using unique passwords is how we lock our accounts and devices to protect them from unauthorized users. Passwords are the first line of defense against unauthorized users and have to be impeccable. 
But having strong password security goes beyond just having strong passwords \u2014 it also requires having a useful and practical password policy in place.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you\u2019re looking to implement a password policy in your business, here are our top 12 password policy best practices to put into action right away.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Makes a Good Password Policy?<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"640\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/passwordless-authentication-1024x640.jpg\" alt=\"Password policy graphic: A stock image that has poor passwords illustrated on sticky notes alongside a computer keyboard\" class=\"wp-image-1571\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/passwordless-authentication-1024x640.jpg 1024w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/passwordless-authentication-300x188.jpg 300w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/passwordless-authentication-560x350.jpg 560w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/passwordless-authentication-1536x960.jpg 1536w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/passwordless-authentication-940x588.jpg 940w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/passwordless-authentication-480x300.jpg 480w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/passwordless-authentication.jpg 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Passwords should be memorized secrets that are easy to remember but hard for attackers to brute force.<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">A password policy is a set of rules for an organization to create, store, use and secure strong passwords to ensure a secure network. 
If you want to set up a strong password policy, it\u2019s crucial to find the perfect balance between security and convenience for the end user. If the policy is too difficult to follow, your employees might not follow it properly. On the other hand, if it is too lax, security will be compromised. To be effective, the policy has to be like Goldilocks\u2019s porridge: \u201cjust right.\u201d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You should think about the nature of your business and the level at which you work when developing your policies. If your website shares free recipes about baked goods, you might not need the same stringent policies as, say, an arms manufacturer. A security professional&#8217;s unbiased review of your organization will go a long way in setting up your password policies.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The National Institute of Standards and Technology (NIST) has some great information available in their <a href=\"https:\/\/doi.org\/10.6028\/NIST.SP.800-63b\">Authentication and Lifecycle Management Guidelines<\/a> (SP 800-63B).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Password Policy Best Practices<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Now, let\u2019s look at 12 password policy best practices that can strengthen your organization\u2019s account security defenses.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1.\u00a0When It Comes to Passwords, the Longer the Better<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">An organization should specify the minimum length of passwords for all users. Shorter passwords are susceptible to <a href=\"https:\/\/www.thesslstore.com\/blog\/brute-force-attack-definition-how-brute-force-works\/\">brute force attacks<\/a>, in which an attacker repeatedly tries to guess your username-password combination. 
Longer passwords take more time to crack by brute force attack because they require an attacker to try out a higher number of potential combinations.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The following table shows how long it takes to crack passwords of various lengths, as determined by <a href=\"https:\/\/www.hivesystems.io\/password-table\">Hive Systems<\/a>. It clearly shows the importance of using longer passwords:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>No. of letters used<\/td><td>Whether numbers are used<\/td><td>Mix of uppercase and lowercase letters are used<\/td><td>Whether special characters are used<\/td><td>Time taken to crack the password<\/td><\/tr><tr><td>8<\/td><td>No<\/td><td>Yes<\/td><td>No<\/td><td>2 minutes<\/td><\/tr><tr><td>8<\/td><td>Yes<\/td><td>Yes<\/td><td>No<\/td><td>7 minutes<\/td><\/tr><tr><td>8<\/td><td>Yes<\/td><td>Yes<\/td><td>Yes<\/td><td>39 minutes<\/td><\/tr><tr><td>12<\/td><td>No<\/td><td>Yes<\/td><td>No<\/td><td>24 years<\/td><\/tr><tr><td>12<\/td><td>Yes<\/td><td>Yes<\/td><td>No<\/td><td>200 years<\/td><\/tr><tr><td>12<\/td><td>Yes<\/td><td>Yes<\/td><td>Yes<\/td><td>3,000 years<\/td><\/tr><tr><td>16<\/td><td>No<\/td><td>Yes<\/td><td>No<\/td><td>173 million years<\/td><\/tr><tr><td>16<\/td><td>Yes<\/td><td>Yes<\/td><td>No<\/td><td>3 billion years<\/td><\/tr><tr><td>16<\/td><td>Yes<\/td><td>Yes<\/td><td>Yes<\/td><td>92 billion years<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">While forming your password policy, bear in mind that longer passwords are harder to remember, so employees might be tempted to write them down. This could lead to unauthorized people gaining access. 
So, try to balance the number of characters required for the passwords with the difficulty of remembering them.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The <a href=\"https:\/\/www.fbi.gov\/contact-us\/field-offices\/phoenix\/news\/press-releases\/fbi-tech-tuesday-strong-passphrases-and-account-protection\">Federal Bureau of Investigation (FBI)<\/a> recommends using strong passphrases in place of passwords to make them easier to remember. For example, a passphrase like <em>Istartedriding@6<\/em> is easier to remember than a random jumble of letters, numbers and characters like <em>dg8GY%ire&amp;cSIirn#<\/em>. You can always switch letters with symbols and numbers to make a passphrase harder to brute force, like <em>i$tart3Drid1ng@6<\/em>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2.\u00a0Pay Attention to Password Content<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The above table also shows that when you mix special characters and numbers in passwords, it takes much longer for the criminals to crack them. So, using different types of characters is a smart choice.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Never use personal information in passwords. <\/strong>Don\u2019t use the account holder\u2019s name or their birth date as a password, even with a combination of words and numbers. Using easily accessible information in passwords makes it easier for the bad guys to crack them.<\/li><li><strong>Be cautious using random number\/letter passwords. <\/strong>Random characters are more complex than full words because they make <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/definition\/dictionary-attack\">dictionary attack<\/a>s difficult. A password like <em>29Dihfc$j<\/em> is much more secure than <em>Apple@123<\/em>, which is susceptible to a dictionary attack. 
But the flip side is that it\u2019s a lot harder to remember, which can lead to being tempted to re-use it across multiple accounts or to write it on a sticky note that\u2019s easily accessible.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3.\u00a0Implement Strong Password and Account Management Policies &amp; Practices<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">A password policy should clearly state the duration that the password is valid.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Don\u2019t set arbitrary password expiration periods. <\/strong>You should change your passwords whenever they are compromised. Mandatory password expiration might demotivate the employees who will be tempted to use weak or predictable passwords. If the expiration period is event based, they would be less likely to forget them as the period is generally longer. <a href=\"https:\/\/pages.nist.gov\/800-63-FAQ\/#q-b05\">NIST<\/a> recommends that passwords shouldn\u2019t be required to change at set periods \u2014 only when they\u2019ve been breached. The idea here is that since passwords should be memorized, making users change them arbitrarily is unnecessary.<\/li><li><strong>Direct new users to change preset passwords immediately. <\/strong>New users with accounts with preset passwords should be required to immediately change their password for a stronger one. Preset passwords can make the system vulnerable to cyberattacks.<\/li><li><strong>Delete dormant accounts. <\/strong>Your cyber security policy should include deleting accounts of former employees as soon as they leave the organization. 
Abandoned or unmonitored accounts are a huge security threat \u2014 if an ex-employee has access to your company network because you never deactivated their account, they could use it for malicious purposes.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4.\u00a0Restrict Password Re-Use Across Multiple Accounts<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">When large breaches occur, a huge amount of data is leaked, including the usernames and passwords of many account holders. If a person uses the same password for multiple accounts, it\u2019s easier for a criminal to hack into their other accounts too.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s say it loud and clear for everyone reading this:<strong> Never re-use passwords. <\/strong>Often, people use one password and alter it to suit different accounts. For instance, if the password for one account is <em>password&amp;1<\/em>, the password for another account is <em>password&amp;2<\/em>, and for a third account it is <em>password&amp;3<\/em>. Cybercriminals are well aware of account holders\u2019 little tricks to remember passwords. This makes it possible to brute force all the passwords if one of them is breached.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It is highly risky to use the same password (or a slightly different password) to, say, read an online magazine and also operate your workstation. So, it is advisable to direct your employees to use entirely unique passwords for all their accounts.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5.\u00a0Maintain a Password Blocklist<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">A password blocklist, or blacklist, is a list of weak passwords and their variants that are not allowed to be used as a password in the organization. 
The list could include:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/nordpass.com\/most-common-passwords-list\/\">The most common passwords<\/a><\/li><li>The name of the organization<\/li><li>Anything related to the organization<\/li><li>Passwords that have been published or sold online<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">After <a href=\"https:\/\/nordpass.com\/fortune-500-password-study\/\">a study of Fortune 500 companies<\/a>, NordPass found that 20% of passwords contained the company name or a variation. For example, if the name of the organization is Atlas Steels, using <em>Atlas<\/em> or <em>Steel<\/em> in the password would make it vulnerable. If you work for Facebook and use a password that includes <em>Zuckerberg<\/em>, guessing your password won\u2019t require an attacker to be a rocket scientist! A blocklist helps to avoid this issue. The blocklist should be updated regularly to make it more effective.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">6.\u00a0Prohibit Password Sharing<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Passwords are part of your unique credentials and are meant to be kept secret. The more people know them, the less secure they are. Even if you have great password hygiene, that doesn\u2019t mean that the person you share your login credentials with operates the same way. This leaves your account \u2014 and everything you have access to \u2014 at risk.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This is why it\u2019s crucial to communicate the following to your employees and make it part of your official password policy:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Never share passwords.<\/strong> Period. 
As an extension to that rule, passwords should never be messaged, emailed, or sent over written communication.<\/li><li><strong>Use a secure communication channel if you do have to share it.<\/strong> We get it, life happens and, sometimes, you may find yourself using a shared login for access to specific services. If you do wind up having to share a password for something, be sure to do it through a secure channel such as an encrypted email. And it\u2019s best to change the password to something new and unique as soon as you no longer need to share the secret.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7.\u00a0Strengthen Passwords for Privileged Users<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Privileged users, such as admins, have more access privileges than other network users. They might have access to information about other users or customers, including sensitive data. So, because privileged users have so much access, their passwords need to be extra strong.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Privileged users<\/strong> <strong>should protect their accounts.<\/strong> Privileged users should adopt stringent security measures to secure their accounts as they are also protecting other people\u2019s data.<\/li><li><strong>Use more stringent policies<\/strong> <strong>for privileged account holders.<\/strong> A privileged account holder is in possession of more sensitive data. In case of a breach, if the data of a CEO or IT admin is lost, the company might suffer more damage than in a breach involving a regular user. Therefore, an organization should have different policies for both types of users.<\/li><li><strong>Communicate<\/strong> <strong>the additional security policies to privileged users<\/strong>. 
If you fail to communicate the additional security requirements to the privileged user, they might not be aware of the risks the organization faces.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8.\u00a0Keep Passwords Secure<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">So, now your employees have beefed-up passwords, and you\u2019ve directed them to use different passwords for different accounts. Problem solved, right? Wrong. A recent study by <a href=\"https:\/\/nordpass.com\/blog\/password-habits-statistics\/\">NordPass<\/a> reported that:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>70% of people surveyed had more than 10 password-protected accounts.<\/li><li>20% had more than 50 password-protected accounts.<\/li><li>30% of the people found it stressful to manage the passwords.<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">As a result of the stress of handling too many passwords, employees might be tempted to:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Write their passwords down on post-it notes and stick them to their devices.<\/li><li>Make a spreadsheet of their passwords.<\/li><li>Use a physical notepad to store their passwords.<\/li><li>Re-use their passwords across multiple accounts.<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">All these practices should be banned by the management in an organization. When forming policies, management should inform employees about the dangers of doing so. So, how do you remember all the passwords? Well, that\u2019s where password managers come into the picture.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">9.\u00a0Use a Password Manager<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Password managers are specially designed programs that keep all your passwords secure in one place. A password manager can also generate and store strong passwords for all your accounts without you racking your brains to remember them. 
To access your accounts, you just need to remember the password for the password manager.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A password manager can also store:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Information about your devices, including their serial numbers, warranty, and insurance details<\/li><li>Important document information, including your passport number or your social security number<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Encourage your employees to use a legitimate, trusted password manager to securely generate, store, and use their passwords.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">10.\u00a0Be Aware of Legal Obligations<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Many regulations govern the organizations that collect and store their users\u2019 data. Some of these regulations include:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.cdc.gov\/phlp\/publications\/topic\/hipaa.html#:~:text=The Health Insurance Portability and,the patient's consent or knowledge.\">Health Insurance Portability and Accountability Act (HIPAA)<\/a> \u2014 Covers the U.S. 
healthcare sector<\/li><li><a href=\"https:\/\/gdpr-info.eu\/\">General Data Protection Regulation (GDPR)<\/a> \u2014 Covers data privacy of European Union residents.<\/li><li><a href=\"https:\/\/oag.ca.gov\/privacy\/ccpa\">California Consumer Privacy Act (CCPA)<\/a> \u2014 Covers the data privacy of California residents.<\/li><li><a href=\"https:\/\/www.pcisecuritystandards.org\/\">Payment Card Industry Data Security Standard (PCI\/DSS)<\/a> \u2014 The standard for all organizations that accept online payment<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Failure to follow these regulations where applicable can result in serious consequences.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">11.\u00a0Use Multi-Factor Authentication or Passwordless Authentication<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Having a well-rounded password policy that everyone follows in the organization will create a more secure network and strengthen your organization\u2019s overall defenses. However, Verizon\u2019s DBIR reported that 17% of breaches are the result of human error. So, you should consider that while creating a password policy. Multi-factor authentication is one way to reduce the possibility of such errors.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Even if an employee stores their passwords in a password manager, you should also encourage them to use <a href=\"https:\/\/sectigostore.com\/blog\/what-is-multi-factor-authentication-and-how-does-it-differ-from-2fa-sfa\/\">multi-factor authentication<\/a> (MFA). If the bad guys get hold of the password for their password manager account, they\u2019ll gain access to all the secrets stored in there. 
But using MFA as an extra layer of security can limit that possibility \u2014 you\u2019ll be sure that only the authorized user is able to access the manager.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Another option is to get rid of passwords altogether by using a <a href=\"https:\/\/sectigostore.com\/blog\/what-is-passwordless-authentication\/\">passwordless authentication<\/a> method. This entails using a unique public key infrastructure (PKI) digital certificate that identifies and authenticates you as the legitimate user.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">12.\u00a0Communicate Your Password Policy (and Enforce It)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">If you have a first-class password policy that your employees don\u2019t know about, the policy is a waste of time.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Communicate the policy to all users and enforce its usage.<\/strong> This includes all of your employees and other network users; train them on how to follow it and enforce the policy when necessary.<\/li><li><strong>Ensure your policy is comprehensive and meets your needs. <\/strong>Provide clear directions regarding the policy requirements and the repercussions of failure to follow it in the policy document.<\/li><li><strong>Review and update your policies. <\/strong>Review the effectiveness of your password policy regularly and make changes whenever necessary, communicating changes to employees.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Final Thoughts on the 12 Password Policy Best Practices<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Every organization needs a strong framework for cybersecurity. A company should have staff dedicated to protecting the organization against cyber threats. If you have strong security policies but don\u2019t bother enforcing them, then you risk your employees opting not to follow the rules. 
(Why should they bother if they don\u2019t get so much as a slap on the wrist?)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The cybersecurity staff can inspect the online behavior of all the employees. Revisiting the effectiveness of the policies will help you get a clearer view of their drawbacks. The management can redraw the policy as and when they see fit. Every business has different requirements depending on its size, nature, and cyber threat scenario. Therefore, instead of blindly following a cookie-cutter set of rules made by third parties, the management should make their own personalized policy.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">An effective password policy is clear, concise, and communicated to every person who has access to the company network. Failing to implement the password policy will have serious consequences for the organization. Therefore, utmost care should be taken to implement it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Verizon\u2019s 2021 DBIR &nbsp;revealed that credentials were the most sought-after type of data in breaches. 
Credentials were stolen in 60% of breaches \u2014 more than medical, bank, or payment information&#8230;.<\/p>\n","protected":false},"author":19,"featured_media":2887,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[13],"tags":[242,241],"class_list":["post-2886","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-password-best-practices","tag-password-policy","post-with-tags"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>12 Password Policy Best Practices to Adopt Today - InfoSec Insights<\/title>\n<meta name=\"description\" content=\"Looking for insights about how to create a strong password policy? Here are 12 password best practices every company should adopt right away\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sectigostore.com\/blog\/12-password-policy-best-practices-to-adopt-today\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"12 Password Policy Best Practices to Adopt Today - InfoSec Insights\" \/>\n<meta property=\"og:description\" content=\"Looking for insights about how to create a strong password policy? 
Here are 12 password best practices every company should adopt right away\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sectigostore.com\/blog\/12-password-policy-best-practices-to-adopt-today\/\" \/>\n<meta property=\"og:site_name\" content=\"InfoSec Insights\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-01T12:34:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2022\/03\/password-policy-feature.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Megha Thakkar\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Megha Thakkar\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/12-password-policy-best-practices-to-adopt-today\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/12-password-policy-best-practices-to-adopt-today\\\/\"},\"author\":{\"name\":\"Megha Thakkar\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/77f01ec498571464bae513fa5bfd42da\"},\"headline\":\"12 Password Policy Best Practices to Adopt 
Today\",\"datePublished\":\"2022-04-01T12:34:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/12-password-policy-best-practices-to-adopt-today\\\/\"},\"wordCount\":2496,\"image\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/12-password-policy-best-practices-to-adopt-today\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/password-policy-feature.jpg\",\"keywords\":[\"password best practices\",\"password policy\"],\"articleSection\":[\"Cyber Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/12-password-policy-best-practices-to-adopt-today\\\/\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/12-password-policy-best-practices-to-adopt-today\\\/\",\"name\":\"12 Password Policy Best Practices to Adopt Today - InfoSec Insights\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/12-password-policy-best-practices-to-adopt-today\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/12-password-policy-best-practices-to-adopt-today\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/password-policy-feature.jpg\",\"datePublished\":\"2022-04-01T12:34:00+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/77f01ec498571464bae513fa5bfd42da\"},\"description\":\"Looking for insights about how to create a strong password policy? 
Here are 12 password best practices every company should adopt right away\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/12-password-policy-best-practices-to-adopt-today\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/sectigostore.com\\\/blog\\\/12-password-policy-best-practices-to-adopt-today\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/12-password-policy-best-practices-to-adopt-today\\\/#primaryimage\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/password-policy-feature.jpg\",\"contentUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/password-policy-feature.jpg\",\"width\":1600,\"height\":1000,\"caption\":\"password policy best practices feature image of an unknown password typed into a login screen\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/12-password-policy-best-practices-to-adopt-today\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"12 Password Policy Best Practices to Adopt Today\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/\",\"name\":\"InfoSec Insights\",\"description\":\"SectigoStore.com 
Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/77f01ec498571464bae513fa5bfd42da\",\"name\":\"Megha Thakkar\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/390ac6e8c0915150ea845acfc11db159571a2dc74d5745edc8edacec9f996bce?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/390ac6e8c0915150ea845acfc11db159571a2dc74d5745edc8edacec9f996bce?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/390ac6e8c0915150ea845acfc11db159571a2dc74d5745edc8edacec9f996bce?s=96&d=mm&r=g\",\"caption\":\"Megha Thakkar\"},\"description\":\"Megha can usually be found reading, writing, or watching documentaries, guaranteed to bore her family. She is a techno-freak with interests ranging from cooking to travel. A regular contributor to various web security blogs, she has earned her diploma in network-centric computing. Being a mother has taught her to speak less and write more (coz who listens to moms, right?).\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"12 Password Policy Best Practices to Adopt Today - InfoSec Insights","description":"Looking for insights about how to create a strong password policy? 
Here are 12 password best practices every company should adopt right away","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sectigostore.com\/blog\/12-password-policy-best-practices-to-adopt-today\/","og_locale":"en_US","og_type":"article","og_title":"12 Password Policy Best Practices to Adopt Today - InfoSec Insights","og_description":"Looking for insights about how to create a strong password policy? Here are 12 password best practices every company should adopt right away","og_url":"https:\/\/sectigostore.com\/blog\/12-password-policy-best-practices-to-adopt-today\/","og_site_name":"InfoSec Insights","article_published_time":"2022-04-01T12:34:00+00:00","og_image":[{"width":1600,"height":1000,"url":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2022\/03\/password-policy-feature.jpg","type":"image\/jpeg"}],"author":"Megha Thakkar","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Megha Thakkar","Est. 
reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sectigostore.com\/blog\/12-password-policy-best-practices-to-adopt-today\/#article","isPartOf":{"@id":"https:\/\/sectigostore.com\/blog\/12-password-policy-best-practices-to-adopt-today\/"},"author":{"name":"Megha Thakkar","@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/77f01ec498571464bae513fa5bfd42da"},"headline":"12 Password Policy Best Practices to Adopt Today","datePublished":"2022-04-01T12:34:00+00:00","mainEntityOfPage":{"@id":"https:\/\/sectigostore.com\/blog\/12-password-policy-best-practices-to-adopt-today\/"},"wordCount":2496,"image":{"@id":"https:\/\/sectigostore.com\/blog\/12-password-policy-best-practices-to-adopt-today\/#primaryimage"},"thumbnailUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2022\/03\/password-policy-feature.jpg","keywords":["password best practices","password policy"],"articleSection":["Cyber Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/sectigostore.com\/blog\/12-password-policy-best-practices-to-adopt-today\/","url":"https:\/\/sectigostore.com\/blog\/12-password-policy-best-practices-to-adopt-today\/","name":"12 Password Policy Best Practices to Adopt Today - InfoSec Insights","isPartOf":{"@id":"https:\/\/sectigostore.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sectigostore.com\/blog\/12-password-policy-best-practices-to-adopt-today\/#primaryimage"},"image":{"@id":"https:\/\/sectigostore.com\/blog\/12-password-policy-best-practices-to-adopt-today\/#primaryimage"},"thumbnailUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2022\/03\/password-policy-feature.jpg","datePublished":"2022-04-01T12:34:00+00:00","author":{"@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/77f01ec498571464bae513fa5bfd42da"},"description":"Looking for insights about how to create a strong password policy? 
Here are 12 password best practices every company should adopt right away","breadcrumb":{"@id":"https:\/\/sectigostore.com\/blog\/12-password-policy-best-practices-to-adopt-today\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sectigostore.com\/blog\/12-password-policy-best-practices-to-adopt-today\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sectigostore.com\/blog\/12-password-policy-best-practices-to-adopt-today\/#primaryimage","url":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2022\/03\/password-policy-feature.jpg","contentUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2022\/03\/password-policy-feature.jpg","width":1600,"height":1000,"caption":"password policy best practices feature image of an unknown password typed into a login screen"},{"@type":"BreadcrumbList","@id":"https:\/\/sectigostore.com\/blog\/12-password-policy-best-practices-to-adopt-today\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sectigostore.com\/blog\/"},{"@type":"ListItem","position":2,"name":"12 Password Policy Best Practices to Adopt Today"}]},{"@type":"WebSite","@id":"https:\/\/sectigostore.com\/blog\/#website","url":"https:\/\/sectigostore.com\/blog\/","name":"InfoSec Insights","description":"SectigoStore.com Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sectigostore.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/77f01ec498571464bae513fa5bfd42da","name":"Megha 
Thakkar","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/390ac6e8c0915150ea845acfc11db159571a2dc74d5745edc8edacec9f996bce?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/390ac6e8c0915150ea845acfc11db159571a2dc74d5745edc8edacec9f996bce?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/390ac6e8c0915150ea845acfc11db159571a2dc74d5745edc8edacec9f996bce?s=96&d=mm&r=g","caption":"Megha Thakkar"},"description":"Megha can usually be found reading, writing, or watching documentaries, guaranteed to bore her family. She is a techno-freak with interests ranging from cooking to travel. A regular contributor to various web security blogs, she has earned her diploma in network-centric computing. Being a mother has taught her to speak less and write more (coz who listens to moms, right?)."}]}},"_links":{"self":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts\/2886","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/comments?post=2886"}],"version-history":[{"count":0,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts\/2886\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/media\/2887"}],"wp:attachment":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/media?parent=2886"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/categories?post=2886"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/tags?post=2886"}],"curies":[{"name":"wp","href":"https:\/\/api.w.or
g\/{rel}","templated":true}]}}