Password policy best practices for strong AD security
A strong password policy is the first line of defense against cyber criminals and critical business data. However, the recent emphasis on stricter password policies - passwords need to be complex, lengthy, and frequently changed - has end users fatigued. This has led to users setting weaker passwords by exploiting gaps in the policy.
A robust password policy tip-toes the line between enforcing complex password and secure but user-friendly passwords. Here are a few password policy best practices that can be implemented in your organization.
Using Strong Passphrases
Passphrase and passwords, in spite of serving similar purposes, make a world of a difference. Complex passwords puts the pressure on the end user as they are difficult to recollect and many times, easy to crack. However, passphrases are long, sufficiently complex and are much harder to crack, despite being easy for the end users to remember.
Minimize Regular Password Changes
Enforcing a mandatory password change every 30 or 60 days can actually do more harm than good. When users are forced to change passwords in such a short duration, they resort to choosing similar passwords which on the contrary, can reduce security.
Enforce Passwords to Meet Complexity Requirements
Simple passwords can be broken into easily with brute-force hacking. Enforcing password complexity requirements will go way beyond the security offered by the basic password and account policies. Password complexity requirements can be configured to follow these basic guidelines:
Passwords can’t contain the user name or parts of the user’s name.
Passwords should utilize combinations of characters, numbers, symbols, as well as upper- and lower-case letters.
A strong password policy when used along with a 2FA system will help keep attackers at bay and safeguard your systems. Keep these points in mind while putting together a robust password policy for your organization.