7 Tips on Creating a Password Policy for Your Organization

Nearly 63% of all data breaches occur due to weak or stolen passwords. What’s even more surprising is that 83% of data breaches go undetected for weeks.

In a recent study, 72% of companies report cyber attacks.

These figures show how vulnerable we all are to being hacked. Your personal, professional, financial, and customer data could be at risk, and you could lose it all at the drop of a hat. That could cost you not just thousands or millions of dollars in direct losses; it also puts your business reputation and long-term success at stake.

You have no choice but to treat your password policy with utmost seriousness. It’s a non-negotiable, critically important aspect of your security.

In this article we will give you 7 tips to create a secure password policy and provide you with recommendations for stronger passwords.

Let’s begin!

1. Have a Strong Password

This is a no-brainer, really. To prevent your passwords from being cracked or guessed, you need strong ones in the first place: a password that is not easy to guess, does not contain a common word or expression, and does not include any personal information that other people can find out.

As a general rule of thumb, your password should have a minimum of 8-12 characters, with a mix of uppercase and lowercase letters, numbers, and special characters. It needs to be memorable, yet very hard or nearly impossible to guess. Even if someone watched you type your password on a keyboard, they should not be able to follow what you are typing. Some examples of what a strong password looks like:

[Image: examples of strong passwords]

The passwords above are strong because they don't combine words or expressions in the way those words are normally written or typed. For example, Dog.lov3r breaks the word ‘lover’ into ‘lov3r’, an unusual combination of letters.

If you struggle to think of enough unique passwords for your various accounts, consider using a password generator to come up with strong ones.
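One way to turn tip 1's rules (minimum length, a mix of character classes, no common word or personal information) into something a policy can actually enforce, together with the generator suggested above. This is an added example, not code from the article or from HostPapa; the 8-character minimum (the low end of the article's 8-12 range), the short common-word list and the `personal_info` parameter are my assumptions.

```python
import re
import secrets
import string
from typing import Iterable, List

# Rules from tip 1 of the article. The article says "a minimum of 8-12
# characters"; this example (my assumption) enforces the low end, 8.
MIN_LENGTH = 8
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed sample list of common words and expressions to forbid. A real
# policy would load a large list (e.g. of previously breached passwords).
COMMON_WORDS = ("password", "welcome", "qwerty", "letmein", "lover", "admin", "dragon")

# One regex per required character class, with the violation message.
CLASS_RULES = (
    (r"[a-z]", "no lowercase letter"),
    (r"[A-Z]", "no uppercase letter"),
    (r"[0-9]", "no digit"),
    (r"[^A-Za-z0-9]", "no special character"),
)


def check_policy(password: str, personal_info: Iterable[str] = ()) -> List[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for pattern, message in CLASS_RULES:
        if not re.search(pattern, password):
            problems.append(message)
    lowered = password.lower()
    # Plain substring match, matching the article's reasoning: "Dog.lov3r" passes
    # because writing "lover" as "lov3r" breaks the dictionary word.
    for word in COMMON_WORDS:
        if word in lowered:
            problems.append(f"contains common word '{word}'")
    # personal_info is a hypothetical parameter: names, birth years and the like.
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append(f"contains personal information '{item}'")
    return problems


def generate_password(length: int = 16) -> str:
    """Draw from the OS CSPRNG (secrets) until a candidate satisfies the policy."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_policy(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("Dog.lov3r", "password1", generate_password()):
        print(pw, "->", check_policy(pw) or "OK")
```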

2. Come Up with Different Passwords for Different Accounts

The biggest mistake you can make is to use the same password for all of your logins. If you do, a breach of any one of those applications exposes all the rest.

You need to ensure you are using a different password for every account. If remembering them all is too much, use a password management tool to store them (see the next tip).

Ensure each one of your passwords is completely unique, so nobody can hack all of your accounts together in one shot!

3. Use a Secure Password Management Tool

If generating unique passwords and retrieving them when needed is hard, we recommend using an advanced password management tool such as LastPass. Make sure the tool has a strong reputation for security in the marketplace, and ideally that it requires two-factor authentication to log you in.

The benefit of two-factor authentication is that two separate pieces of evidence are required before you can log in; a password alone is not enough. Typically, the application generates a one-time code and sends it to a trusted device, so only authorised personnel can complete the login.

This adds a layer of security and ensures that only a few selected, authorised people have access to your passwords.

Do not write down your passwords anywhere. If you must store them, keep them only in your password management tool.

Another important and often overlooked point is to never use the ‘remember password’ feature in your browser. It poses a serious risk if your computer is compromised.

We mean the prompt your browser shows when you log into an account, offering to ‘remember’ your password. This is dangerous if someone compromises your computer, because every saved password is then sitting in your browser, readily accessible to the attacker.

4. Do Not Discuss Your Password Policy with Anyone

It is vital that you maintain strict confidentiality around your password policy. The usual rules about not discussing passwords in public or with colleagues in the office apply by default, but there is more to it.

You can raise the bar on confidentiality by imposing strict penalties for breaches of the policy, so people take it seriously. The higher the penalty, the more seriously your staff will take it. No one wants to breach a policy if it costs them their job or reputation.

Never openly discuss your password policy with anyone other than authorised personnel. Only those who need access to a specific application should know its password, and nobody else.

5. Think Like a Hacker to Beat the Hacker

To protect yourself from being hacked with an effective action plan, you need to think like a hacker and anticipate every move they might make.

An innovative approach is to hire a professional hacker (a penetration tester) and ask them to try to break into your system. This can pinpoint weaknesses in your password policy as well as in your security in general. Pay them for their services and for a report on how they got in, then work out how to counter that mindset.

Hackers can go after your passwords in many ways: phishing attempts, viruses, and other means. Be aware of the tricks they have up their sleeve, so that you can protect yourself against each of them.

6. Change Your Passwords Frequently

Change your passwords frequently, at regular intervals, in case someone has learned one of your older passwords.

The most effective way to do this is to set a reminder for when passwords are due to change. Make the change compulsory, so staff must set a new password before they can log into their accounts again.

The higher the level of your security risk, the more frequently you should change your passwords. For instance, if there’s a password for your accounting software that contains your business’ financial information, you should change it more often than you would change the password for unlocking your computer.

7. Update Your Password Policy Regularly

Cyber security is continuously evolving, and to protect your business effectively you need to keep up with the latest technology trends so your password policy doesn’t become obsolete.

Hackers are also getting more sophisticated all the time, so revisit your password policy regularly and update it. Consider hiring a cyber security professional to help with this review and to suggest ways to strengthen the policy.

Never underestimate the importance of a strong password policy for your organization. Even if you manage to create what looks like an unhackable password policy, it’s best to seek legal advice on what to do if your passwords are compromised despite your best efforts.

Another layer of protection is business or cyber liability insurance, which helps you manage the risk of being hacked and gives you a plan of action for the worst-case scenario. You’ll have more peace of mind!

Do you have a password policy for your business?

María is an enthusiast of cinema, literature and digital communication. As Content Coordinator at HostPapa, she focuses on the publication of content for the blog and social networks, organizing the translations, as well as writing and editing articles for the KB.
