Password Policy Guidelines

Password Length:

Minimum 8 to 12 characters.

Complexity Requirements:

Include uppercase and lowercase letters, numbers, and special characters.

Password History:

Prohibit reuse of recent passwords.

Password Expiration:

Change passwords every 90 days.

Account Lockout Policy:

Temporarily lock accounts after a set number of failed login attempts.

Two-Factor Authentication (2FA):

Encourage or require the use of 2FA.

Educational Resources:

Provide guidance on creating strong, memorable passwords.

Password Storage:

Use secure hashing methods with salting.


Clearly communicate the policy to all users.

Regular Audits:

Periodically audit passwords and prompt updates as needed.

Monitoring and Alerts:

Implement monitoring for unusual password-related activities.
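
The Password Length, Complexity Requirements, Password History and Password Storage items above can be enforced together at password-change time. The following is an added example, not code from the original page; the function names, the 12-character minimum, the history depth of 5 and the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12        # assumed: upper end of the 8 to 12 character minimum
HISTORY_DEPTH = 5      # assumed: how many recent passwords count as "recent"
ITERATIONS = 600_000   # assumed PBKDF2 work factor

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random 16-byte salt is used per password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, ITERATIONS, dklen=32)
    return salt, digest

def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def policy_violations(password, history):
    """Return the policy items the candidate fails; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    classes = (string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation)
    if not all(any(ch in cls for ch in password) for cls in classes):
        problems.append("complexity")
    # History holds only (salt, digest) pairs, so reuse is detected by
    # re-hashing the candidate with each stored salt, never by plaintext.
    recent = history[-HISTORY_DEPTH:]
    if any(verify_password(password, s, d) for s, d in recent):
        problems.append("history")
    return problems

def change_password(password, history):
    """Store the new salted hash in history only if the policy accepts it."""
    problems = policy_violations(password, history)
    if not problems:
        history.append(hash_password(password))
    return problems
```

Because each entry has its own salt, two users with the same password get different digests, and the history check costs one hash computation per remembered password.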