What elements are crucial to include in a password policy? I'm putting one together and thought I would tap into the collective power of this group to see if someone out there has a good one they'd like to share.
Director in Manufacturing, 1,001 - 5,000 employees
In addition to the rules mentioned:
- No reuse of passwords
- 60 days of duration
- No repeating characters
- At least one capital, one lowercase, one number, one special character
VP Information Security Assurance, 10,001+ employees
While designing this policy, consider the following aspects (I may be stating the obvious here):
> Your regulators and customers like to "see some things" covered in a password policy (or a passphrase policy). Please factor those in.
> What is your management's direction on passwords / password-less (like Windows Hello)? Factor that in. The password/passphrase policy must tie into your org's overall identity management direction or approaches to Zero Trust.
> Who is it for?
- standard user (who may have more relaxed regime)
- privileged user (more stringent or complex + MFA)
- service accounts
- shared accounts (like a team mailbox)
- non-human IOT or break glass accounts
The regular elements to include:
- length (8/10 for standard, 12/15 for privileged & service, 4/6 PINs for IoTs?)
- is a PIN/passphrase an option you want?
- complexity (uppercase, lowercase, special char)
- controls against use of common dictionary words and running numbers (like 123)
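The rules listed in the two answers above (length per account class, complexity, no repeated characters, no dictionary words or running numbers, no reuse, a maximum age) are easy to state and easy to get subtly wrong when turned into a check. The following is an added example, not code from any poster in this thread: a small policy checker that enforces those rules. The account classes and minimum lengths use the upper figures suggested in the thread; the history depth, the toy `COMMON_WORDS` set and `DEMO_SALT` are constructed placeholders, and "no repeating characters" is interpreted as no character appearing twice in a row.

```python
"""Password-policy checker assembled from the rules suggested in the thread.

Added example; account classes, history depth, the word list and the salt
are assumptions, not values any poster gave.
"""
import hashlib
import re

# Per-account-class rules: min length from the VP's answer (upper figures),
# 60-day maximum age from the Director's answer, history depth assumed.
POLICY = {
    "standard":   {"min_length": 10, "history_depth": 5,  "max_age_days": 60},
    "privileged": {"min_length": 15, "history_depth": 10, "max_age_days": 60},
    "service":    {"min_length": 15, "history_depth": 10, "max_age_days": 60},
}

# Constructed toy dictionary; a deployment would load a real common/breached
# password list instead of this handful of words.
COMMON_WORDS = {"password", "welcome", "summer", "qwerty", "letmein", "admin"}

SPECIAL = set("!@#$%^&*()-_=+[]{};:'\",.<>/?\\|`~")

# Constructed demo salt. Real password history stores the system's own slow
# hash per user; this fixed salt exists only so the example runs offline.
DEMO_SALT = b"example-salt-not-for-production"


def hash_for_history(pw, salt=DEMO_SALT):
    """Derive a hash suitable for comparing against stored password history."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000).hex()


def _has_running_digits(pw, run=3):
    """True if pw contains `run` consecutive ascending or descending digits (e.g. 123, 987)."""
    for i in range(len(pw) - run + 1):
        window = pw[i:i + run]
        if not window.isdigit():
            continue
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps in ({1}, {-1}):
            return True
    return False


def _contains_common_word(pw):
    """Case-insensitive substring match against the dictionary."""
    lowered = pw.lower()
    return any(word in lowered for word in COMMON_WORDS)


def check_password(pw, account_class="standard", previous_hashes=(), salt=DEMO_SALT):
    """Return the list of violated rules; an empty list means the password passes."""
    rules = POLICY[account_class]
    violations = []
    if len(pw) < rules["min_length"]:
        violations.append("length")
    has_all_classes = (any(c.isupper() for c in pw) and any(c.islower() for c in pw)
                       and any(c.isdigit() for c in pw) and any(c in SPECIAL for c in pw))
    if not has_all_classes:
        violations.append("complexity")
    if re.search(r"(.)\1", pw):          # same character twice in a row
        violations.append("repeat")
    if _contains_common_word(pw):
        violations.append("dictionary")
    if _has_running_digits(pw):
        violations.append("sequence")
    # Only the most recent `history_depth` hashes count for the reuse rule.
    recent = set(tuple(previous_hashes)[-rules["history_depth"]:])
    if hash_for_history(pw, salt) in recent:
        violations.append("reuse")
    return violations


def password_expired(set_on, today, account_class="standard"):
    """True if the password, set on ISO date `set_on`, is older than the class's max age on `today`."""
    from datetime import date
    age = (date.fromisoformat(today) - date.fromisoformat(set_on)).days
    return age > POLICY[account_class]["max_age_days"]


if __name__ == "__main__":
    print(check_password("Vault#Kite-72q", "standard"))      # []
    print(check_password("Password123!", "standard"))        # repeat, dictionary, sequence
    print(password_expired("2024-01-01", "2024-03-05"))      # True
```

The checker returns every rule a candidate breaks rather than stopping at the first one, which is what a user-facing prompt needs; the reuse check compares hashes rather than plaintext so the history store never has to hold old passwords in the clear.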
Senior Information Security Manager in Software, 501 - 1,000 employees
I'll let Bruce Schneier do the talking here. See https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html
2. More than 10 characters
3. Age should not be more than 30 days.