Password security best practices – Infographic
Updated: October 3, 2016 – With data breaches and security flaws a regular occurrence in our digital lives, we have taken a natural interest in protecting our personal and financial information. A secure password is the first line of defense. To help our customers make better password choices, we recently published the infographic below, which outlines current password security best practices. The tips were generated following several discussions with our Product Specialist team. Our experts work closely with our password management clients and advise on best practices for remaining compliant and protecting information against the latest threats. Their close interactions with clients also shape the future of our password products – a recent example being new capabilities in Specops Password Policy that allow administrators to block common passwords and password hashes from leaked lists.
While the recommendations in our infographic are closely aligned with industry best practices, there can be conflicting opinions. For example, while compliance requirements, such as PCI, recommend a 90-day password expiration period, some experts now recommend never changing your password. According to these experts, the more users are forced to change their passwords, the more similar their passwords will be, posing a greater security risk. Additionally, they argue that new passwords are more easily forgotten, which carries productivity costs when users are locked out – a problem that we believe can be avoided with a password reset solution.
There’s no shortage of resources that can help you tighten password security. Infographics are user-friendly, and a good place to start. But to take password security seriously, you should ensure that the best practices you follow are aligned with regulatory compliance requirements such as PCI, HIPAA and SOX. Finally, as new threats emerge, your password policy will require adjustments. Be prepared to embrace change! We will update our infographics as more data becomes available to ensure that we are sharing the latest best practices. Check back often so you don’t miss out!
(Last updated on November 8, 2024)