for a strong password policy in your business
Company Password Policy
Requiring a minimum password length helps to ensure that passwords are more difficult
to guess or crack. Longer passwords are generally more secure because they have more
possible combinations, making it harder for attackers to guess them or to use a
precomputed list of common passwords (a technique known as a "dictionary attack").

Requiring regular password updates has long been seen as a crucial security measure,
aimed at minimizing the risk of compromised or weak passwords being exploited over
time. In the past, it was widely recommended to enforce password changes every 90
days (or 180 days for passphrases) according to the guidelines set by NIST. However, this
approach has proven to have unintended consequences, as frequent password changes
often lead to user frustration and increase the likelihood of individuals reverting to
old passwords or adopting predictable patterns. Such practices undermine the overall
security of your information systems.

Prohibiting the reuse of recent passwords helps to prevent compromised or weak
passwords from coming back into use. If a password is compromised or becomes weak,
requiring users to choose a new password helps to ensure that the old one is not used again.

Prohibiting the use of common passwords and easily guessable information helps to
prevent the use of passwords that are easily guessed or found in precomputed lists of
common passwords.
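
The length, reuse and common-password rules described above can be enforced together when a user sets a new password. The following is an added example, not code from the original document: the minimum length, history depth, PBKDF2 work factor, the small blocklist and the user "jsmith" are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 12        # assumed value; the document does not state a minimum
HISTORY_DEPTH = 5      # assumed number of recent passwords to remember
ITERATIONS = 100_000   # assumed PBKDF2 work factor for this example
# Constructed sample blocklist; a real deployment loads a much larger list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}


def hash_password(password, salt=None):
    """Return (salt, digest) so the history never stores plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def is_reused(candidate, history):
    """Re-hash the candidate with each stored salt; compare in constant time."""
    for salt, stored in history[-HISTORY_DEPTH:]:
        _, digest = hash_password(candidate, salt)
        if hmac.compare_digest(digest, stored):
            return True
    return False


def check_password(candidate, username, history):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if lowered in COMMON_PASSWORDS:
        problems.append("common password")
    if username and username.lower() in lowered:
        problems.append("contains username")  # easily guessable information
    if is_reused(candidate, history):
        problems.append("recently used")
    return problems


if __name__ == "__main__":
    # Constructed sample history for the hypothetical user "jsmith".
    history = [hash_password("correct horse battery"),
               hash_password("tulip-anchor-9-river")]
    for pw in ("qwerty", "jsmith-2024-summer", "tulip-anchor-9-river",
               "velvet comet 47 harbor"):
        print(repr(pw), "->", check_password(pw, "jsmith", history) or "accepted")
```

Because each history entry has its own salt, the reuse check has to re-hash the candidate once per remembered password, which is why the history depth is kept small.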
sales@hypervault.com