Password Policy

Passwords are essential to the security of online accounts, granting authorised access for the legitimate user to carry out tasks and keeping everyone else out. A password policy must be in place to provide a standard for creating strong passwords, which staff must follow whenever there is a password requirement. Education and awareness reinforce an understanding of what “strong” looks like, making compliance much easier.

To support passwords, enable Two-Factor Authentication (2FA). A strong password will protect against forced entry but is rendered useless should the criminal obtain the password through a data breach. 2FA is an additional layer, much like using shutters when locking up shop for the evening. Read this blog to find out more.

Importance of using good passwords

Cyber criminals have developed techniques, such as Brute Force, Credential Stuffing and Password Spraying, to break in to online accounts and act as the authorised user. These attacks are successful when users create weak passwords or utilise common techniques known to the cyber criminal. Strong, unique passwords will combat these types of attacks:

Brute Force: Using computing power to guess multiple combinations of passwords against a single account until the attacker gains access. Strong passwords increase the time it takes the computer to crack the password.

Credential Stuffing: Having acquired a list of usernames and passwords, cyber criminals run automated checks against multiple online accounts until they break in, stealing information and/or money. Hackers rely on password reuse to achieve their objectives. Enforce the need for staff to use unique passwords for every online account. Use a password manager to help with this.

Password Spraying: Trying a select list of commonly used passwords in conjunction with acquired usernames, forcing their way into many online accounts. A strong password is less likely to be on this list.
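The three attacks above leave different shapes in failed-login records, which is what a monitoring rule can look for. The following is an added example, not part of the original page: it assumes failed logins are available as (source IP, username) pairs within one time window, and the sample events, thresholds and function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of failed-login events: (source_ip, username). Not real log data.
FAILED_LOGINS = (
    [("203.0.113.5", "alice")] * 12                        # many guesses at one account
    + [("198.51.100.7", f"user{i}") for i in range(15)]    # one try each, many accounts
    + [("192.0.2.9", "bob")] * 2                           # ordinary typos
)


def classify_sources(events, per_account_limit=10, account_spread_limit=10):
    """Label each source by the shape of its failed logins.

    Both thresholds are illustrative assumptions; tune them to normal traffic.
    """
    attempts = defaultdict(lambda: defaultdict(int))  # ip -> username -> failures
    for ip, user in events:
        attempts[ip][user] += 1

    verdicts = {}
    for ip, per_user in attempts.items():
        hammered = sorted(u for u, n in per_user.items() if n >= per_account_limit)
        if hammered:
            # Depth: repeated guesses against the same account.
            verdicts[ip] = ("brute-force", hammered)
        elif len(per_user) >= account_spread_limit:
            # Breadth: few tries per account across many accounts. Failure logs
            # hold no passwords, so spraying and stuffing look alike here.
            verdicts[ip] = ("spraying-or-stuffing", sorted(per_user))
        else:
            verdicts[ip] = ("normal", [])
    return verdicts


if __name__ == "__main__":
    for ip, (label, users) in classify_sources(FAILED_LOGINS).items():
        print(f"{ip}: {label} ({len(users)} account(s) flagged)")
```

Account lockout and rate limiting address the first pattern; the second stays under per-account lockout thresholds, which is why unique passwords and 2FA matter for it.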


Password Advice Videos

Why do we need strong passwords?

How to create a strong password

How to safely store your passwords

Extra Resources

Passwords #threerandomwords

GCA Cyber Security Toolkit