DevOps.com


5 Password Policies to Up Your Security

By: Greg Keller on February 17, 2020

Complex passwords can save users from being hacked, as any IT admin will tell you. Plus, countless studies and articles have been published about why password policies are vital to online security. Increasing the length of passwords, adding complexity to them and never reusing passwords … these are three examples of smart password policies every person and company should use. After all, stronger passwords contribute to users being safer online. And if users are safer online, then your organization is safer, too. However, your organization’s password policies must be adhered to and enforced for them to protect you from security breaches and hacks.


Password Policies to Enforce for Greater Online Security

Password policy enforcement generally refers to a number of different items, including the following five best practices:

  • Length of Password – Perhaps the strongest correlation with password strength is the length of the password. As computers have become more advanced, the amount of time it takes to hack a password has dropped significantly. In fact, a password that worked a couple of years ago is a weak password today. Increasing your password length will keep your users’ devices more secure. Many IT admins now advise that passwords be a minimum of 12 characters, but we suggest increasing that to an 18-character minimum.
  • Alphanumeric Characters – Requiring upper and lowercase characters and numbers greatly increases the complexity of the password. Alphanumeric characters also increase the potential combinations of passwords, making it even more difficult for a password, and thus a device or account, to be hacked.
  • Special Characters – To increase the level of password complexity, require special characters in all passwords. This password policy alone adds another 32 characters that can be used to strengthen passwords. In combination with alphanumeric characters, each character in a password could have 94 different choices. Better yet, make that password 18 characters long and you have 1.78e119 combinations. Word to the wise: It’s more secure to have long passwords with many different character choices rather than just long passwords that contain only letters.
  • Password Aging – If your organization is required to age passwords after, say, 90 days, then you’ll want to leverage this enforcement capability and have all users update their passwords every three months. There is some debate in the security community over whether password aging does, in fact, increase security, but we’ll leave that debate for a different blog post. As a general rule of thumb: Updating passwords to at least the same length and complexity after a set timeframe can only help to increase online security.
  • Password Lockout – Another security mechanism that we advise adopting is the password lockout: locking a user out of his or her account after too many incorrect login attempts. The password lockout helps prevent hackers from brute-forcing their way into users’ accounts.
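
The five policies above, expressed as checks a central enforcement point could run. This is an added example, not code from the article or from any directory product; the `Account` record, the function names and the lockout threshold of 5 failures are assumptions, while the 18-character minimum and the 90-day age come from the text.

```python
import string
from dataclasses import dataclass
from datetime import datetime, timedelta

SPECIALS = set(string.punctuation)   # the 32 printable ASCII special characters
MIN_LENGTH = 18                      # the article's suggested minimum
MAX_AGE = timedelta(days=90)         # the article's example aging period
MAX_FAILURES = 5                     # assumed lockout threshold (not from the article)


def complexity_violations(password: str) -> list[str]:
    """Return the composition rules the password breaks (empty list = compliant)."""
    rules = [
        (len(password) >= MIN_LENGTH, f"shorter than {MIN_LENGTH} characters"),
        (any(c.islower() for c in password), "no lowercase letter"),
        (any(c.isupper() for c in password), "no uppercase letter"),
        (any(c.isdigit() for c in password), "no digit"),
        (any(c in SPECIALS for c in password), "no special character"),
    ]
    return [msg for ok, msg in rules if not ok]


@dataclass
class Account:
    """Hypothetical per-user record a directory would keep."""
    password_set_at: datetime
    failed_attempts: int = 0
    locked: bool = False

    def is_expired(self, now: datetime) -> bool:
        """True once the password is older than the aging period."""
        return now - self.password_set_at > MAX_AGE

    def record_login(self, success: bool) -> str:
        """Update lockout state for one login attempt and report the outcome."""
        if self.locked:
            return "locked"          # a correct password does not unlock the account
        if success:
            self.failed_attempts = 0
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILURES:
            self.locked = True
            return "locked"
        return "failed"
```

The complexity check runs when a password is set or changed, before it is hashed for storage; the aging and lockout checks run at each login.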

Even in today’s cloud-operating and multi-device world, many IT organizations only leverage password policies if they are under compliance requirements to do so. But enforcing complex passwords by using the best practices listed above is the only way to guarantee your organization is safe from security breaches.

Of course, you must decide where to enforce the above password policies that require everyone within your organization to use complex passwords. Ideally, there is an automated central system that enforces passwords across your entire infrastructure, including your endpoint devices, servers, applications and networks. A system like this, a directory system, would take the manual work out of enforcing password policies. Modern directory-as-a-service platforms offer the ability to enforce password policies across all devices, applications and your company’s network infrastructure.

— Greg Keller
