
How to Create a Secure Password Policy?

Feb 22, 2022 | BLOG

Having an effective password policy is critical to a company's cybersecurity, because easy-to-guess passwords are one of the simplest ways for malicious actors to get in. For the same reason, reusing the same password across services is a risky practice.

In 2021, a compilation of more than 8.4 billion passwords was posted on an online forum under the name 'RockYou2021'. What did they have in common? They were between 6 and 20 characters long and contained no whitespace, which made the whole set directly usable as a wordlist for guessing attacks.

Other traits of easy-to-guess passwords are birthdates, runs of repeated digits, proper names and simple numeric combinations. In leaked passwords of Brazilian users, the word Brazil and the sequence 123456 also appear very frequently.

We have prepared this article especially to help you keep your company protected. In it, we will propose positive actions for an effective password policy. They are as follows:

  • Change Passwords Frequently
  • Use Software that Alerts You About the Change
  • Join an Account Lockout System
  • Train Your Employees
  • Do Not Use the Same Password for All Accounts
  • Create Strong Passwords
  • Have a Password Manager
  • Adopt Multifactor Authentication in Your Company’s Routine

Read it until the end!


Why Should You Adopt a Secure Password Policy?

Attackers exploit weak, reused or leaked corporate passwords in a large share of intrusions.

Therefore, regardless of the size or industry of an organization, it is essential to have a secure password policy. Adopting one helps prevent intrusions that cause disruption and financial loss, and keeps the company's credibility from being called into question.

In practice, the password policy establishes rules to be followed by the entire team, ensuring the adoption of security requirements when creating passwords for accessing corporate devices and systems.

In the next topic, we cover some criteria you should adopt when establishing a password policy for your business. 


Positive Actions for an Effective Password Policy

You now understand the importance of creating a secure password policy for your company. Now, let’s show you how this can be done. Keep reading our text!

  • Change Passwords Frequently

The reasoning behind periodic changes is that the longer a password stays in use, the more places it is typed, stored and potentially exposed; changing it limits how long a leaked credential remains valid.

However, the usefulness of this measure has been questioned. Microsoft itself stopped requiring periodic password changes in its security baseline, considering the practice of little value. According to a report in Isto É Dinheiro, Aaron Margosis, a cybersecurity consultant at Microsoft, stated that a password only needs to be changed if it has been stolen.

Despite this debate, many frameworks still recommend periodic changes, so the next topic covers software that alerts users when a change is due. Whatever interval you choose, require an immediate change whenever a password is known or suspected to be compromised, and avoid intervals so short that users resort to predictable variations of the old password, which defeats the purpose of the change.

  • Use Software that Alerts You About the Change

Most operating systems and directory services can enforce a maximum password age. It works as follows: when the user signs in after the password has expired, a prompt tells them they must set a new password to proceed, and they cannot access the system until they do.

This enforcement is useful because, over time, it is very common for people to get comfortable and never change their passwords unless the system makes them.

  • Join an Account Lockout System

Account lockout is an important control that refuses further sign-in attempts after a certain number of failures. It stops an attacker from testing many passwords against one account until one of them works. This technique is known as brute force and is routinely used by malicious actors to gain unauthorized access to systems.

As a sign of how important this feature is, it is widely used by e-mail services and many websites. Prefer temporary lockouts or progressively slower responses over permanent locks, since a permanent lock lets an attacker deny service to legitimate users simply by entering wrong passwords on purpose.
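The following is an added example, not code from the original article or from senhasegura's products, showing how a temporary lockout stops an online brute-force attack. The thresholds (5 consecutive failures, 15-minute lock), the PBKDF2 cost, the sample account and the short leaked-style wordlist are all constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Policy knobs (assumed values): lock for 15 minutes after 5 consecutive failures.
MAX_FAILURES = 5
LOCKOUT_SECONDS = 15 * 60
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; a fresh random salt is drawn when none is given."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failures: int = 0          # consecutive failed attempts since the last success
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


class LoginService:
    """Verifies passwords and enforces a temporary per-account lockout."""

    def __init__(self, clock=time.time):
        self.clock = clock  # injectable so tests can move time forward
        self.accounts: Dict[str, Account] = {}

    def register(self, username: str, password: str) -> None:
        salt, digest = hash_password(password)
        self.accounts[username] = Account(salt, digest)

    def login(self, username: str, password: str) -> str:
        """Returns 'ok', 'invalid' or 'locked'."""
        now = self.clock()
        account = self.accounts.get(username)
        if account is None:
            # Spend the same hashing time for unknown users so the response
            # time does not reveal which usernames exist.
            hash_password(password)
            return "invalid"
        if now < account.locked_until:
            return "locked"  # refused even if the password is correct
        _, candidate = hash_password(password, account.salt)
        if hmac.compare_digest(candidate, account.digest):
            account.failures = 0
            return "ok"
        account.failures += 1
        if account.failures >= MAX_FAILURES:
            account.failures = 0
            account.locked_until = now + LOCKOUT_SECONDS
            return "locked"
        return "invalid"


def brute_force(service: LoginService, username: str, wordlist: List[str]) -> Tuple[bool, int]:
    """Simulates an online guessing attack; returns (password_found, guesses_made)."""
    for guesses, guess in enumerate(wordlist, start=1):
        result = service.login(username, guess)
        if result == "ok":
            return True, guesses
        if result == "locked":
            return False, guesses
    return False, len(wordlist)


# Constructed demo wordlist of leaked-style passwords; the real one is deliberately last.
DEMO_WORDLIST = ["123456", "password", "brasil", "qwerty", "12345678", "senha", "Tr0ub4dor&3"]

if __name__ == "__main__":
    svc = LoginService()
    svc.register("alice", "Tr0ub4dor&3")
    print(brute_force(svc, "alice", DEMO_WORDLIST))  # (False, 5): locked before the real password
```

With the lock in place the attacker gets five guesses per fifteen minutes per account instead of thousands per second, and the correct password is refused while the lock is active. Note that the attacker can still spread guesses across many accounts, so pair lockout with rate limiting per source IP and with the breached-password screening discussed later.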

  • Train Your Employees

If you lead an organization, you should know that, in addition to investing in technology to ensure information security, you need to train your employees so that they can recognize and avoid threats.

Many people are unaware of the risks involved in accessing corporate systems. In these cases, it is necessary to introduce good practices and enforce them to prevent cyberattacks, including password theft.

It is also important that this training is ongoing, since technology advances every day, as do the techniques used by malicious actors.

  • Do Not Use the Same Password for All Accounts

If someone manages to steal your password from social media, for example, it is very likely they will test it on your other services, causing much more damage if you use the same password to connect to different online platforms.

Therefore, when establishing a password policy, remember to recommend that your employees have a different password for each online environment they access.

  • Create Strong Passwords

It is not enough to protect systems with passwords. It is necessary to adopt strategies that raise the security level of the passwords used. After all, attackers often research their targets and attempt the intrusion by testing obvious possibilities such as birthdates, relatives' names, and short words.

In these cases, we recommend requiring a minimum length, combining uppercase and lowercase letters, numbers, and symbols, and rejecting passwords that appear in leaked-password lists or contain the user's own name, company name or a year.
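The following is an added example, not code from the original article or from senhasegura's products, that turns the rules above into a checker and shows what a generator of the kind built into password managers produces. The minimum length of 12, the blocklist (a constructed stand-in for a full breached-password corpus), the year and sequence heuristics and the sample passwords are all assumptions made for the demonstration.

```python
import re
import secrets
import string
from typing import Iterable, List

# Constructed stand-in for a breached-password blocklist. In production, screen
# against a full leaked-password corpus such as the one described above.
BLOCKLIST = {"123456", "12345678", "password", "senha", "qwerty", "brasil", "brazil", "rockyou"}

YEAR_RE = re.compile(r"(?:19|20)\d{2}")   # four-digit years 1900-2099 (birthdate heuristic)
REPEAT_RE = re.compile(r"(.)\1{2,}")       # same character three or more times in a row
CLASSES = {
    "lowercase letter": re.compile(r"[a-z]"),
    "uppercase letter": re.compile(r"[A-Z]"),
    "digit": re.compile(r"\d"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}


def has_sequence(password: str, run: int = 4) -> bool:
    """True if `run` consecutive characters step by +1 or -1 in code point (abcd, 4321)."""
    codes = [ord(c) for c in password]
    for i in range(len(codes) - run + 1):
        window = codes[i:i + run]
        steps = {b - a for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(password: str, min_length: int = 12, personal_words: Iterable[str] = ()) -> List[str]:
    """Returns the list of policy violations; an empty list means the password is acceptable.

    personal_words: username, first/last name, company name, etc., which must not appear.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    for name, pattern in CLASSES.items():
        if not pattern.search(password):
            problems.append(f"missing a {name}")
    lowered = password.lower()
    for word in sorted(BLOCKLIST | {w.lower() for w in personal_words if w}):
        if word in lowered:
            problems.append(f"contains blocked word '{word}'")
    if YEAR_RE.search(password):
        problems.append("contains a year (looks like a birthdate)")
    if REPEAT_RE.search(password):
        problems.append("repeats the same character three or more times")
    if has_sequence(password):
        problems.append("contains a sequential run such as 1234 or abcd")
    return problems


def generate_password(length: int = 16) -> str:
    """Random password drawn with the `secrets` module that satisfies check_password()."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{}:,.?"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ["123456", "Brasil2021!!", "Correct-Horse-Battery-77", generate_password()]:
        print(repr(sample), "->", check_password(sample) or "OK")
```

Run it to see that "Brasil2021!!" passes every composition rule yet is still rejected for containing a blocked word and a year, which is exactly the kind of password a rule that only counts character classes would accept.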

  • Have a Password Management Solution

If you follow the fifth and sixth tips in this article, your employees will have to remember a lot of complex passwords, which can be quite difficult. That’s where a password management solution comes into play.

A password manager stores the passwords in an encrypted vault, so users only need to remember the master password that unlocks it. What's more, password managers also generate long random passwords that are practically impossible to guess.

Of course, like all other software, they can be breached. Therefore, it is essential to use an extremely strong master password and to protect the vault with multifactor authentication.

  • Adopt Multifactor Authentication in Your Company’s Routine

One of the ways to strengthen a password policy is to adopt multifactor authentication (MFA). This solution combines different categories of evidence to prevent intrusions, which are:

  • Knowledge Factor: something the user knows, such as a password;
  • Possession Factor: something the user has, such as a hardware token or an authenticator app; and
  • Inherence Factor: something the user is, as in the case of biometrics.

But remember an important detail: in multifactor authentication, the factors must be independent of each other to guarantee the protection of a system. This means that if compromising one factor also yields the other (for example, a one-time code delivered to the same mailbox whose password was stolen), your organization is not really protected.

By reading this article, you learned what you should do to create an effective password policy for your organization. Did you like our text? Share it with someone else who is interested in the topic. 


