Passwords remain one of the weakest points in systems security, and ensuring that user passwords are secure is of critical importance to all organizations.
There are a few reasonable approaches to password policy for most organizations:
- Stronger passwords that change less frequently (example: 15+ character passphrases that change annually)
- Weaker passwords that change more frequently (example: 8+ character passwords that change quarterly)
- Any password with multi-factor authentication enforced
(Note: since June 2017, it’s no longer best practice to require arbitrary password changes, per the National Institute of Standards and Technology, a division of the US Department of Commerce.)
Default or vendor-supplied passwords should never be used for software or hardware devices. Always change these passwords immediately to something more secure, following your organization’s policy.
Set your organizational policy (in writing) to require strong authentication for remote access to sensitive information, which might include email. Strong authentication means, at a minimum, sufficient password strength, but Coalition also recommends multi-factor authentication wherever possible.
As always, Coalition is here to help you on your way. Please reach out to us for additional information!