BR +55 11 3069 3925 | USA +1 469 620 7643

How to Create a Secure Password Policy?

by | Feb 22, 2022 | BLOG

Having an efficient password policy is critical to the cybersecurity of companies. Since using easy-to-identify passwords is a way to facilitate scams by malicious actors. For the same reason, repeating passwords is a risky practice.

In 2021, more than 8.4 billion passwords from people all over the world were leaked and posted under the name ‘rock you 2021‘ in an online forum. What did they have in common? They used between 6 and 20 characters, without spaces, numbers, or symbols.

Other characteristics of easy-to-steal passwords are: using birthday or algorithms with repeated numbers, proper names, numerical combinations, and the word Brazil are also often found in leaked passwords of Brazilian users, in addition to the sequence 123456.

We have prepared this article especially to help you keep your company protected. In it, we will propose positive actions for an effective password policy. They are as follows:

  • Change Passwords Frequently
  • Use Software that Alerts You About the Change
  • Join an Account Lockout System
  • Train Your Employees
  • Do Not Use the Same Password for All Accounts
  • Create Strong Passwords
  • Have a Password Manager
  • Adopt Multifactor Authentication in Your Company’s Routine

Read it until the end!

Are you enjoying this post? Join our Newsletter!

Newsletter Blog EN

8 + 4 =

We will send newsletters and promotional emails. By entering my data, I agree to the Privacy Policy and the Terms of Use.

Why Should You Adopt a Secure Password Policy?

We know hackers take advantage of the weakness of corporate passwords in most cyber-invasions. 

Therefore, regardless of the size or industry of an organization, it is essential to have a secure password policy. After all, by adopting it, one avoids invasions that generate inconvenience and financial losses, in addition to preventing the company’s credibility from coming into question.

In practice, the password policy establishes rules to be followed by the entire team, ensuring the adoption of security requirements when creating passwords for accessing corporate devices and systems.

In the next topic, we cover some criteria you should adopt when establishing a password policy for your business. 


Positive Actions for an Effective Password Policy

You now understand the importance of creating a secure password policy for your company. Now, let’s show you how this can be done. Keep reading our text!

  • Change Passwords Frequently

It is believed that using the same password in different applications and services can facilitate the access of malicious users, and when we reduce the number of accesses with the same password, we also reduce the possibilities that they are shared and available for access by third parties.

However, the usefulness of this measure has been questioned. Microsoft itself stopped asking for the periodic change of passwords, considering this method useless. According to this report in Isto É Dinheiro, Aaron Margosis, a cybersecurity consultant at Microsoft, stated it is necessary to change the password only if it is stolen.

Despite this debate, the periodic change of passwords has still been recommended, for this reason, we explain about software that emits alerts when it is time to change them in the following topic.

  • Use Software that Alerts You About the Change

There is specific software that warns about the need to change passwords. They work as follows: when you try to access the computer after some time, you see a pop-up, warning you about the need to change your password to proceed. If you don’t, you will not be able to access the system.

These pieces of software are very useful because, over time, it is very common for people to get comfortable and fail to change their passwords within a certain time.

  • Join an Account Lockout System

Blocking accounts is a very important practice that prevents access after a certain number of attempts. This feature prevents the user from trying to access a system by testing multiple passwords until they reach their goal. This practice is known as brute force and is often used by malicious attackers to gain unauthorized access to these systems.

To get a sense of the importance this feature has, it is widely used by e-mail services and various websites.

  • Train Your Employees

If you are at the head of an organization, you should know that in addition to investing in technology to ensure information security, you need to train your employees through awareness and training to make it possible to identify and avoid threats.

Many people are unaware of the risks involved in accessing corporate systems. In these cases, it is necessary to introduce good practices and enforce them to prevent cyberattacks, including password theft. 

It is also important that these pieces of training are constant, since technology advances every day, as well as the techniques used by malicious agents.

  • Do Not Use the Same Password for All Accounts

If someone manages to steal your password from social media, for example, it is very likely they will test it on your other services, causing much more damage if you use the same password to connect to different online platforms.

Therefore, when establishing a password policy, remember to recommend that your employees have a different password for each online environment they access.

  • Create Strong Passwords

It is not enough to use passwords to access systems. It is necessary to resort to strategies that make it possible to increase the security level of the passwords used. After all, hackers often analyze users and attempt the invasion by testing obvious possibilities such as birthdates, relatives’ names, and short words.

In these cases, we recommend using a minimum number of digits, combining uppercase and lowercase letters, numbers, and symbols.

  • Have a Password Management Solution

If you follow the fifth and sixth tips in this article, your employees will have to remember a lot of complex passwords, which can be quite difficult. That’s where a password management solution comes into play.

This feature is capable of storing passwords, facilitating the work of users, who only need to remember the password used to access this system. What’s more, password managers still suggest codes that are unlikely to be discovered. 

Of course, like all other apps, they can be breached. Therefore, it is essential to use an extremely secure master password.

  • Adopt Multifactor Authentication in Your Company’s Routine

One of the ways to create a secure password policy is to adopt multifactor authentication (MFA). This solution brings together different mechanisms to prevent intrusions, which are:

  • Knowledge Factor: something the user knows, such as a password;
  • Ownership Factor: something the user owns, such as a token; and
  • Inheritance Factor: something that relates to who they are, as in the case of biometrics.

But remember an important detail: in the multifactor authentication, the mechanisms must be independent of each other to guarantee the protection of a system. This means that if one of the factors gives access to the other, your organization is not protected.

By reading this article, you learned what you should do to create an effective password policy for your organization. Did you like our text? Share it with someone else who is interested in the topic. 



High Availability: Technology that Guarantees Productivity and Credibility

China has Published Its Specific Law For the Protection of Personal Data. What Are The Implications?

My Company Suffered a Ransomware Attack: Should I Pay the Ransom or Not?

SaaS, PaaS and IaaS: Learn about theCloud Computing Options

Understand these solutions to choose the best alternative for your business. For many years, we have been using cloud computing to access files that are not stored on a computer, but on email servers, social network websites, or internet pages, without the need of...

What does a Chief Information Security Officer (CISO) do?

A Chief Information Security Officer (CISO) is a high-level professional responsible for the digital security of a company. If you aspire to obtain this position, read our text until the end. In it, we explain more about the profession. With the advancement of...

An overview of essential certifications for CISOs

In the world of cybersecurity, the role of a CISO is crucial in protecting data and sensitive information. To excel in this career, it is necessary to have certain certifications, including Certified Information Systems Security Professional (CISSP), Certified Ethical...

What is the role of a CISO during a cyber attack?

The CISO plays a crucial role in incident management during cyber attacks as they are responsible for implementing containment and eradication measures. However, it is also their role to detect and prevent threats. Learn more in this article about the responsibilities...

Security Training Best Practices for Privileged Users

It is essential to train privileged users to avoid cyber threats, as they are the primary victims of hackers. Read our article and learn how to do it. Privileged user credentials are among the main targets of cybercriminals since they allow them to access data and...