Password Policy

This policy establishes standards for creating and managing secure passwords to protect organizational assets and information. Following NIST and ISO 27001 recommendations, our password policy includes:

• Minimum Length: Passwords must be at least 12 characters long.
• Complexity: We encourage the use of passphrases rather than enforcing complex character requirements.
• Password Screening: New passwords are checked against lists of commonly used or compromised passwords.
• Expiration: Regular password changes are not mandatory unless there's suspicion of compromise.
• Multi-Factor Authentication (MFA): MFA is required for all accounts, especially those with privileged access.
• Password Managers: The use of approved password management tools is encouraged.
• Secure Storage: Passwords must be stored using strong, salted cryptographic hashing algorithms.

This policy applies to all employees, contractors, and systems within our organization. It aims to enhance our overall security posture while balancing security needs with user convenience.