Velo's Top 2 Password Policy Standards

Throw out those sticky note passwords, and start embracing a better password policy for your business today.

‍I’ll bet you didn’t wake up today thinking, “I hope I get to learn more about good password policy today!” But here we are, and it’s an excellent place to be for a short 3 minutes if you prefer to avoid lawsuits, especially those related to ransomware, system failure, and “gross negligence…” as the plaintiffs like to call it.

If you have any interest in IT security, you probably know why sticky note passwords make for some scary high risk. However, you can protect your team and your business from this particular kind of bad password hygiene with Velo’s Top 2 Password Policy Standards.

1. Implement a password expiration policy.

Think of all the times you’ve seen someone share a password with a co-worker, “just because it was easier,” than setting up a new and separate account for them on certain web apps or with particular online websites. How many times was that password the same password used to log in to your company’s domain or network?

As you know, projects conclude, collaborations end, and people leave teams. A password expiration policy will help you avoid any surprise issues from ex-employees with nefarious intentions as well as any problems stemming from passwords compromised by data breaches outside your organization affecting your employees. Additionally, as your business expands, you or your clientele may encounter industry regulations requiring a myriad of IT security precautions to protect private and confidential data – not least of which is the implementation of an expiring password policy.

2. Implement Multi-Factor Authentication (MFA).

To avoid breaches related to stolen passwords, IT people everywhere are implementing MFA as part of their standard password policy. Just because someone has stolen a password doesn’t mean they’re getting into your company network if you have MFA enabled.

With a secondary form of identification required to log in, your sticky-note-password-people will have an added layer of protection to save them from their folly. MFA will require them to type in their password and provide a second form of ID. Commonly used factors include:

• Tokens or codes that change every thirty seconds available via an app on your phone such as Microsoft Authenticator, DUO, and Google Authenticator
• Biometric readers such as iris scans or fingerprint scans for more advanced security goals

While it may take some patient communication with some of your slow change adopters, MFA implementation provides a very effective defense layer as you work to improve IT security for your organization.