
Creating a Password Policy Your Employees Will Actually Follow


July 26, 2022 | Dashlane
Every IT department knows the struggle of educating employees about cybersecurity
and ensuring they are maintaining best practices. Creating a password policy can help
improve your company’s security posture, but when you have many other competing
priorities, rolling out the policy effectively often creates hurdles.
That’s why we’ve done some of the legwork for you. As a password management
company, we know a thing or two about creating a password policy that makes sense
and that employees will follow. Use this guide to help you get started.

What is a password policy?


A password policy is a set of best practices and rules related to password use for your
business accounts. Companies establish a policy for employees with the ultimate goal
of improving cybersecurity.
Typically, the IT department is responsible for creating a password policy, but the
success of this tool relies on all your employees. Policy awareness and education are
often part of onboarding and regular cybersecurity training. Including conversations
about your password policy in your security awareness program is an effective way of
keeping best practices top of mind for employees.

Why your organization needs a password policy

A password policy empowers your employees to proactively improve their security
habits by following the practices that keep your organization secure.
Your password policy helps you achieve three main objectives:

Establish a culture of security: A strong security culture helps employees understand
why cybersecurity is important to your business goals and how their actions, such as
poor password hygiene, impact the organization.

Reduce the chances of a breach or hack: By incorporating best practices such as
strong password enforcement into your policy, you are greatly improving your
company’s ability to defend against cyber attackers.

Balance security with employee needs: Building a human-centric culture, one that
approaches security with empathy and caring for employee needs, is essential to
getting employee buy-in for your security practices. A password policy helps achieve
this by balancing the need to protect the organization with the need to maximize
productivity and convenience for employees.

What to include in your policy


A recent Dashlane survey found that employees whose companies require an enterprise
password manager are more likely to describe their organization as secure. If your
organization uses Dashlane and wants to create a password policy, here are some
suggestions of what to include:

Dashlane is a secure and convenient enterprise password management solution.
Avoid use of alternative password managers (also known as password keepers),
including saving passwords in your internet browser.

Use Dashlane’s password generator to create unique, strong passwords for all online
accounts.

Keep your Dashlane password health score above 90%.

Do not reuse personal passwords for business purposes or the same corporate
password for multiple business accounts. Use Dashlane to identify which passwords
you are reusing.

Securely and conveniently share passwords with colleagues by using Dashlane and
no other method.

Refrain from writing passwords down on paper or saving them in a document on your
computer.

If you receive a dark web monitoring or breach alert, change the password of the
impacted accounts as soon as possible. Time matters, and this can mean the
difference between staying safe or being hacked. Think about what you would do if
you lost your credit card.

Add 2-factor authentication (2FA) for all critical accounts. Dashlane makes it easy
for you to find out which of your saved logins offer 2FA.

What not to include in your policy


Fear-mongering: Focusing too much on the consequences of a breach will induce
fear and stress. Rather, strive to empower employees to take control of their
password security by emphasizing how strong passwords protect their accounts and
your organization.

Jargon: The policy should be clear to employees regardless of their level of
technological savviness. Not every employee will know what "2FA" or "dark web
monitoring" means, for example. To ensure everyone understands the password
policy, spell out the acronyms and define terminology when necessary.

Vagueness: Many employees truly want to improve how they manage their
passwords, but they don’t always know how. Make actions and expectations clear by
using precise language. For example: “Maintain a password health score above 90%”
is better than “Maintain a high password health score.”

How to roll out your password policy

Successful adoption of your password policy relies on factors such as good employee
communication and training. Follow these suggested steps:

Inform employees ahead of time that a password policy will be rolled out at a set
date in the near future. Define what a password policy is and communicate that it
will help everyone build strong cybersecurity habits. Phrase it as “the company and
its employees versus the cybercriminals” rather than “the company versus its
employees.”

Conduct an initial training with managers so they can understand and advocate for
the policy, leading by example.

Conduct a succinct, upbeat training session for everyone else. Record it so all those
who cannot attend live can watch it later. Make it required viewing within a set
timeframe, and lean on managers to ensure everyone is able to watch it.

At in-person work locations, place the policy prominently on posters and slides on
televisions. Send out a one-pager of the policy to all in-person and remote employees
so they have it on hand. Include name and contact information for an employee or
team in charge of answering questions.

After a few weeks, send out an optional quiz to employees about the password
policy, with each correct entrant having a chance to be randomly selected to win
prizes employees truly value. Some ideas are an extra day of paid time off, a free
lunch for their team, or a $100 gift card to a place of their choosing.

Promote on your website’s About page or social media that your company uses best
practices for password management. This demonstrates to existing and prospective
customers that you take cybersecurity seriously and maintain a human-first security
culture.

Effective enterprise password management starts with an effective password policy.
Use your policy as a tool for boosting both your security posture and your
human-centric security culture.

© 2024 Dashlane Inc. All rights reserved.


Dashlane and the Dashlane logo are trademarks of Dashlane SAS, registered in the U.S. and other
countries.
