Passwords are inherently the weakest form of authentication, yet they remain the most prevalent. Many organizations realize that moving beyond this single point of vulnerability is required, but replacing passwords or adding multi-factor authentication (MFA) to all use cases can be daunting, if not impossible. As such, it is undoubtedly important to enforce strong password policies to ensure that this first, and oftentimes only, line of defense can withstand common attacks.
In recent years, the National Institute of Standards and Technology (NIST), the National Cyber Security Centre (NCSC), Microsoft and analyst firm Gartner have put forth password best practices. Following such best practices is a good starting point; however, IT departments should consider potential risks before implementing these policies.
Read more about password best practices and how to implement them on Help Net Security.