Best Practices for your Password Policies
Passwords protect all of our data. Imagine what could happen if a stranger knew our passwords for our bank accounts, PayPal, Amazon, or anything of the sort. We'd almost certainly make changes to the password right away to prevent that access from becoming an issue. Far too often, however, we neglect the importance of our profile passwords at work that grant us access to potentially sensitive information about customers or employees. Below we have outlined a few best practices that can assist greatly in protecting your information.
Length of Passwords
The longer the password, the more secure the system and it's information are. Length comes at the cost of convenience and longer passwords tend to become more difficult to remember correctly. Each user will need to decide for themselves what they can remember, but we recommend that you require all passwords be at least 7 characters long.
Characters to Include
Speaking of characters, the types used in your password should provide security. It is much easier for someone to guess your password if it is simply a string of letters or numbers. The most secure passwords contain multiple types of characters. Character types include lowercase letter, uppercase letters, numbers and special characters (!@%). We recommend that passwords contain at least 3 of these character types.
For instance, GoEagles! would work because it is longer than seven digits, contains uppercase and lowercase letters and a symbol. You can also substitute a numbers or symbols for one of the letters creatively like writing GoE@gles or GoEag1es.
maintain a secure password for network access, you can require all users to change their existing passwords after a certain period of time has passed. This ensures that those with malicious intent are not allowed limitless time to crack a password. For example, if passwords are to be changed every 120 days, after 110 days, the system will start to prompt you to change your password. The system will maintain a list of old passwords, so try not to use passwords similar to those used before if this is something you plan to implement.
Making sure that screens time out can help prevent a user other than the logged in user making changes. Your system can be set to automatically lock the desktop if it does not already do so. This will require you to re-enter your password if the desktop has not been active for a specified period of time. After the desktop is locked, only the user or an administrator will be able to login to the system. We recommend that 15 minutes be used.
Ridge Support can take a look at your current password policies, recommend any changes and assist you in implementing them or simply answer any questions you may have.