5 Tips for creating a better password policy at your company

We don’t create accounts and credentials as a frivolous act. Accounts are designed to protect something, like your most critical assets. So why create accounts for security without implementing a security protocol?

The most utilized form of authentication for accessing an account is a username and password. 


Unfortunately, weak passwords, smarter automated password-cracking programs, hackers, and spammers have rendered this type of authentication the weakest link in cybersecurity.

Therein lies the problem: our weakest security link is protecting our most valuable resources. For that reason, implementing a better password policy to protect your resources is imperative.

The importance of a strong password policy may seem obvious, but many organizations haven’t created a formal procedure that each employee must adhere to. Here are five tips for implementing an effective password policy.

Don’t change passwords often

Contrary to popular belief, regular password changes might be more detrimental to cybersecurity than previously thought. According to the National Cyber Security Centre (NCSC), changing passwords every 30 to 90 days may not carry any real benefit, because when a password is compromised, hackers will exploit the vulnerability immediately. Changing passwords often can lead to password syndrome and be counterproductive.

Place all devices under your policy

Outline which devices need to follow the password policy, including:

  • Personal computers
  • Laptops
  • Company-issued cell phones
  • PDAs
  • USB memory keys
  • Electronic organizers

The same goes for any other device that is connected to your company’s network. Hackers can find backdoors in any connected device. Implementing comprehensive password requirements is critical for blocking attackers.

Create specific password requirements

The longer and stronger our passwords are, the more impenetrable they become. Set requirements that outsmart password-cracking programs.

Here is an example of what it takes to create a strong password:

  • All passwords must be at least ten characters in length and must contain:
      • At least one number
      • At least one special character
      • At least one uppercase and one lowercase character
  • Passwords cannot contain your first name or last name
  • Passwords cannot be an exact match of your last two passwords
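The checklist above can be enforced in code. The following validator is an added example, not part of the original article and not EZPD's code. It assumes that "special character" means ASCII punctuation, that the name check ignores case, and that previous passwords are kept only as salted PBKDF2 hashes, so the "last two passwords" rule is checked without storing plaintext. All function names and the iteration count are illustrative choices.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 10            # "at least ten characters" from the list above
PBKDF2_ROUNDS = 600_000    # assumed work factor, not taken from the article


def hash_password(password, salt):
    """Salted PBKDF2-SHA256 hash, so the history never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_history_entry(password):
    """Build the (salt, hash) record stored when a password is retired."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def policy_violations(password, first_name, last_name, history):
    """Return the rules `password` breaks (empty list = passes). `history` is oldest first."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than ten characters")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):  # assumed definition of "special"
        problems.append("no special character")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase character")
    if not any(c.islower() for c in password):
        problems.append("no lowercase character")
    lowered = password.casefold()
    # Case-insensitive match (assumption), so "DANA" and "dana" are both caught.
    if any(n and n.casefold() in lowered for n in (first_name, last_name)):
        problems.append("contains first or last name")
    # Re-hash the candidate with each stored salt; only the last two records count.
    for salt, stored in history[-2:]:
        if hmac.compare_digest(hash_password(password, salt), stored):
            problems.append("matches one of the last two passwords")
            break
    return problems
```

Because each history record has its own salt, the candidate has to be re-hashed once per record, which is why the history check is limited to the two most recent entries rather than run over the whole list.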

Limit your surface area

Only provide login credentials to staff who absolutely need access to the resources. By limiting access, you’re giving yourself a smaller surface area to protect. Fewer staff with access means less room for human error and fewer passwords with the potential to be hacked. When you do need to share confidential information, do so with password-protected file transfers. Consider linked licenses like the ones EZPD creates for incognito passwords, which are invisible to hackers.

Give your team the tools to succeed

The best way to enforce your password policy is to ensure your entire team is on the same page and has what it needs to implement the policy seamlessly.

Provide your team with software that helps create strong passwords.  

EZPD is a great solution for workplace password generation and regeneration. EZPD is easy to customize for your internal password requirements. The proprietary, node-locking system EZPD uses means passwords are invisible to hackers. And, rather than storing passwords, EZPD regenerates passwords on demand. This cutting-edge take on password creation keeps passwords from being your weakest security link. Learn more about EZPD’s unique features.