Password policy best practices for Active Directory and cloud applications
Securing user accounts and improving an organization's security posture is a mammoth task. Here are a few do's and don'ts for users and admins to ensure password security.
Password best practices for users: Do's and Don'ts
- Do not use commonly used passwords like "Password", your name, or a dictionary word.
- Do not use keyboard sequences or patterns in your password.
- Do not use easily available information like your date of birth, your phone number, or your license plate number.
- Do not use default passwords.
- Use passwords with a minimum length of 10 characters that include numbers, uppercase and lowercase letters, and special characters.
- Use passphrases.
- Do not reuse passwords across multiple accounts.
- Do not share passwords.
- Do not write down your passwords.
- Change your passwords every 90 days.
Expecting users to follow all the above best practices on their own is a tall order. ManageEngine ADSelfService Plus, an integrated self-service password management and single sign-on solution, helps admins set up stringent password policies for Active Directory and cloud applications and ensure users create strong passwords. It offers advanced password policy options that can:
- Eliminate password reuse by enforcing password history.
- Handle credential-based attacks by restricting weak passwords, dictionary words, keyboard sequences, patterns, and palindromes.
- Use the Have I Been Pwned API service to ensure users don't use previously breached passwords during self-service password reset and password change.
- Curb brute-force attacks by enforcing minimum and maximum password length for users based on their OU and group memberships.
- Help users create strong passwords by displaying password strength during password resets and password changes.
- Encourage the use of passphrases.
- Reset service account passwords once a year. Reset local admin passwords every 180 days. This can be done with ADSelfService Plus' automatic password reset tool.
- Audit password self-service activities of users.
- Automatically send password expiration alerts to users about their soon-to-expire passwords via SMS, email, or push notifications.
- Enforce endpoint multi-factor authentication (MFA).
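The checks named in the list above (dictionary words, keyboard sequences, palindromes, minimum length, and a Have I Been Pwned lookup) can be sketched as follows. This is an added example, not ADSelfService Plus code: the function names, the sample word list, and the four-key sequence threshold are assumptions, and the breach lookup works on a constructed response body in the `SUFFIX:COUNT` format of the Pwned Passwords range API so that it runs offline.

```python
import hashlib
import re

MIN_LENGTH = 10  # minimum length recommended in the list above
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
DICTIONARY = {"password", "welcome", "dragon", "summer"}  # constructed sample list

def has_keyboard_sequence(pw, run=4):
    """True if pw holds `run` adjacent keys of one keyboard row, in either direction."""
    low = pw.lower()
    rows = KEYBOARD_ROWS + tuple(r[::-1] for r in KEYBOARD_ROWS)
    return any(r[i:i + run] in low for r in rows for i in range(len(r) - run + 1))

def hibp_prefix_suffix(pw):
    """SHA-1 of pw split for a k-anonymity range query: only the 5-char prefix is sent."""
    digest = hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(pw, range_body):
    """Find pw's hash suffix among the 'SUFFIX:COUNT' lines returned for its prefix."""
    suffix = hibp_prefix_suffix(pw)[1]
    for line in range_body.splitlines():
        cand, _, count = line.strip().partition(":")
        if cand.upper() == suffix:
            return int(count)
    return 0

def check_password(pw, range_body=""):
    """Return the names of the checks pw fails; an empty list means it is accepted."""
    low = pw.lower()
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    checks = [
        ("too_short", len(pw) < MIN_LENGTH),
        ("missing_character_class", not all(re.search(c, pw) for c in classes)),
        ("dictionary_word", any(w in low for w in DICTIONARY)),
        ("keyboard_sequence", has_keyboard_sequence(pw)),
        ("palindrome", low == low[::-1]),
        ("breached", breach_count(pw, range_body) > 0),
    ]
    return [name for name, failed in checks if failed]

if __name__ == "__main__":
    # Constructed range response: one filler line plus the sample password's own suffix.
    sample = "Tr0ub4dor&3x"
    body = "0" * 35 + ":3\r\n" + hibp_prefix_suffix(sample)[1] + ":42\r\n"
    print(check_password(sample, body))
    print(check_password("Qwerty12345!"))
```

In a live deployment `range_body` would be the response fetched for the five-character prefix, so the full hash and the password itself never leave the host.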
Self-service password management and single sign-on solution
ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud apps. Ensure endpoint security with stringent authentication controls including biometrics and advanced password policy controls.
- Self-service password reset / Account Unlock
- Password/account expiration notification
- Remote password reset
- Self-service directory update
- Multi-factor authentication
- Endpoint MFA
- Windows logon two-factor authentication
- Password policy enforcer