How to write a Password Policy
A password policy is an essential document that contains all the information regarding passwords. This is the document that will be followed by all employees to ensure that strong passwords are in use within the business.
Getting Started
Creating a password policy document is an essential part of building a written security program. Your password policy should be accessible to all employees who have access to company resources. The document should be easy to read and structured so that it can be referenced quickly. Putting strong password requirements in place is a very important consideration. Requiring passwords that are long, complex, and changed on a regular basis can help to thwart password-based attacks in today's world.
What to include in your Password Policy
When creating this artifact you should include the following areas.
- Password Requirements
- Key Practices
- Password Recovery Procedures
- Revisions
Each of these covers essential topics that should be defined and built by your organization. Ensuring that the contents of this artifact are put in place on all technical applications and tools within your organization will help to keep this artifact valid.
What should I stay away from?
When creating an artifact, try to stay away from any highly technical jargon. One of the main reasons we create these documents is so that other individuals can read and follow them.
If you are creating an artifact based on a specific security framework or for compliance, it is ideal to include sections and content based on that group's requirements. Reading that group's documentation should tell you what to include.
Keep these documents available to your team and to the individuals that need to use or view them. Locking these artifacts up only hurts you and the people that should be using them.
Need Help?
We work with a lot of companies that are unsure what they need to have in place. Identifying which technical documents you need or don't need in your organization can help you when it comes to having an audit. If you want to stay a few steps ahead when an attack happens, reach out.
For support or help, please reach out to:
support 'at' lesion 'dot' io