Password Policy Best Practice
- Passwords should be at least 8 characters long, and contain a combination of upper-case letters, lower-case letters, numbers, and symbols
- Passwords should not contain common words or phrases
- Passwords should be changed frequently, around every 90 days
Hacking attempts are a constant concern for business security. A common threat is the gathering of credentials for a business’s email server. With these credentials, miscreants can utilize the email server as a launch pad for sending spam messages. This can cause the mail server to be blacklisted by various organizations, preventing your legitimate emails from being delivered to their recipients.
A simple way to prevent this type of attack is to practice a secure password policy. A number of factors go into choosing and maintaining a secure password:
Length and Complexity
Passwords are typically hacked using “brute-force” techniques that try random combinations until finding one that works. The longer and more complex your password is, the more difficult it is for hackers to ascertain it. Passwords should be at least 8 characters in length, and they should contain characters from at least three of the four groups: upper-case letters, lower-case letters, numbers, and symbols.
Passwords containing common words are the easiest to hack as the pattern of letters narrows the possibilities. For the highest security, it's best to avoid using common words or names in passwords. To ensure a good combination of security and memorability, you can replace some letters in a word with similar-looking numbers or symbols. For example, use @ppl3 instead of apple, or ta!! instead of tall.
Even the strongest password is only effective for so long. It is important to continue to change your password on a regular basis to make sure a compromised password doesn’t stick around. It is recommended to change your password at least every 90 days for good security.
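The rules above can be checked automatically when a password is set or audited. The following is an added example, not part of the original article: it applies the 8-character minimum, the three-of-four character groups rule, the common-word rule and the 90-day age limit. The function names and the small word list are assumptions made for illustration.

```python
from datetime import date, timedelta

MIN_LENGTH = 8                 # at least 8 characters
MIN_GROUPS = 3                 # at least three of the four character groups
MAX_AGE = timedelta(days=90)   # change at least every 90 days

# Constructed sample word list (assumption); a real deployment loads a larger one.
COMMON_WORDS = {"password", "apple", "tall", "welcome", "summer", "admin"}


def character_groups(password):
    """Return the set of character groups that appear in the password."""
    groups = set()
    for ch in password:
        if ch.isupper():
            groups.add("upper")
        elif ch.islower():
            groups.add("lower")
        elif ch.isdigit():
            groups.add("digit")
        else:
            groups.add("symbol")
    return groups


def check_password(password, last_changed, today):
    """Return a list of policy violations; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(character_groups(password)) < MIN_GROUPS:
        problems.append("too few character groups")
    lowered = password.lower()  # match common words regardless of case
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains common word")
    if today - last_changed > MAX_AGE:
        problems.append("older than 90 days")
    return problems


if __name__ == "__main__":
    today = date(2024, 6, 1)  # constructed dates and passwords for the demo
    for pw, changed in [("Apple2024!", date(2024, 5, 1)),
                        ("@ppl3", date(2024, 5, 1)),
                        ("Gr7!kq#Zm2", date(2024, 1, 1))]:
        print(pw, check_password(pw, changed, today))
```

Note that @ppl3 on its own passes the character-group and common-word checks but is still rejected for length, so a substituted word needs to be part of a longer password.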