October 20, 2022 - admin
Password Policy Best Practices
Another 90 days have come and gone, and then you see an all too familiar security message “It’s been 90 days since you’ve changed your password”. Annoyed, you sigh and go through process of changing your password. While it sounds like you are doing your part to stay secure, that is not quite the case.
What is the Problem with Password Policies?
For most, when they are required to come up with a new, secure, and memorable password every 90-days, they will typically only change one letter or number of their last one. Sure, this fulfills the bare minimum requirements, but it makes it easy for someone to figure it out. This is because it creates a pattern where someone can guess to go up one number.
Some Poor Password Combinations:
- 123456 (used by 23 million account holders)
As you can see from the list above, anything that is a series of numbers used in order, words, and especially using “Password” is a terrible way to keep your account secure. Furthermore, if you are using a password like one of the one’s listed above only changing one character when required, it is pretty easy to see how someone could guess it.
What are Some Best Practices?
Before we get into creating the secure password itself, let’s go over some new policy rules to replace the outdated 90-day rule.
- Require Multi-Factor Authentication (MFA).
- Increase the minimum length of passwords to 14 characters.
- Screen for passwords obtained from previous breaches.
- Screen for dictionary words, and repetitive or sequential characters (e.g., ‘aaaaaa’, ‘1234abcd’).
- Context-specific words, such as the name of the service, the username, and the derivative thereof.
While it may seem intimidating to put these rules into place, there are tools to help make this process much easier. For MFA, you can set this up through Office 365. As for the other requirements you can use the PowerShell module, DSInternals which is a collection of tools that can help you secure your Active Directory.
Now you are probably thinking, “well what should my password be after of all this?”. It is no secret that using Google’s suggested password is a great strategy for protecting your account. After all, it is a long combination of random characters. However, this is also impossible to remember. Luckily there is a tool for this!
Password managers are great for storing all those hard-to-remember but secure passwords for you. Some of our favorite password managers include:
- Zoho Vault
Ultimately, this is just a foundation for staying secure. While there are a lot more you can do to further secure your AD, this is a good starting point for you and your company.
Contact us today if you like to discuss how Wowrack can help you enhance your security.