Concept 11
Password Policies
Rules for creating and managing passwords.
Password policies define the rules for creating and managing passwords.
The goal is:
“Make passwords difficult for attackers to guess.”
Common password policy requirements:
- Minimum length
- Complexity requirements
- Password expiration
- Password history
- MFA usage
Good password policies reduce:
- Brute-force attacks
- Password guessing
- Account compromise