Password Policy

Uploaded by

ferhatghellai

Organization’s Password Policy

Ali Ali
Digitally signed by Ali Ali
DN: c=LB, st=Beirut, l=AA, o=MISC, ou=ISC, cn=Ali Ali
Date: 2024.08.14 20:08:50 +03'00'

With Ali Ali


Cybersecurity Awareness Guide for Employees

Organization’s Password Policy


1. Creating Strong Passwords
• Policy: Passwords must be at least 12 characters long and include a mix of uppercase letters, lowercase letters, numbers, and special characters.
  ◦ Example: Instead of using a simple password like “password123,” you should create a stronger password such as “P@ssw0rd!2024”. This makes it much harder for attackers to guess or crack your password.

2. Regular Password Changes
• Policy: Passwords must be changed every 90 days.
  ◦ Example: Even if your current password is strong, changing it regularly reduces the risk of it being compromised over time. Set reminders to update your passwords and avoid reusing old passwords.

3. Avoiding Password Reuse
• Policy: Do not use the same password for multiple accounts.
  ◦ Example: If you use the same password for your work email and personal social media accounts, a breach in one could lead to unauthorized access to the other. Use unique passwords for each account to limit the impact of a potential breach.

4. Using Multi-Factor Authentication (MFA)
• Policy: Enable MFA wherever possible.
  ◦ Example: MFA adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password. This makes it much harder for attackers to gain access even if they have your password.

5. Keeping Passwords Confidential
• Policy: Never share your passwords with anyone.
  ◦ Example: If a colleague asks for your password to access a shared resource, direct them to the IT department to get proper access. Sharing passwords can lead to unauthorized access and potential security breaches.

6. Using Password Managers
• Policy: Use approved password managers to store and manage passwords.
  ◦ Example: A password manager can generate and store complex passwords for you, reducing the need to remember multiple passwords and ensuring they are stored securely.

Consequences of Not Following Password Policies
• Data Breaches: Weak or reused passwords can be easily compromised, leading to unauthorized access to sensitive information.
• Financial Loss: Breaches can result in significant financial losses due to fines, legal fees, and remediation costs.
• Reputational Damage: A breach can damage the organization’s reputation, leading to a loss of trust among clients, customers, and partners.
• Operational Disruption: Breaches can disrupt business operations, causing delays and loss of productivity.

Preventive Measures
• Regular Training: Ensure employees are aware of the password policies and understand the importance of following them.
• Monitoring and Enforcement: Implement systems to monitor compliance with password policies and enforce them through regular audits and checks.
• Incident Response Plan: Have a plan in place to quickly address and mitigate the effects of a password-related breach.
Avoid Common Passwords
Why Are Common Passwords Risky?
1. Easily Guessable:
  ◦ Example: Passwords like “123456,” “password,” and “qwerty” are among the most commonly used. Hackers often try these first when attempting to gain access to accounts because they are so predictable.

2. Brute Force Attacks:
  ◦ Example: In a brute force attack, hackers use automated tools to try every possible combination of characters until they find the correct one. Common passwords are cracked almost instantly because they are often included in precompiled lists used by these tools.
3. Credential Stuffing:
  ◦ Example: If a hacker obtains a list of usernames and passwords from a data breach, they can use those credentials to try to log into other accounts. If you use a common password, the likelihood of it being on such a list is high.

• Examples of Common Passwords to Avoid:
“123456”
“password”
“123456789”
“12345”
“12345678”
“qwerty”
“abc123”
“password1”
“111111”
“letmein”
Consequences of Using Common Passwords
• Data Breaches:
  ◦ Example: If your email account is compromised because you used a common password, hackers can gain access to sensitive information, send phishing emails to your contacts, and potentially access other accounts linked to that email.

• Financial Loss:
  ◦ Example: Using a common password for your online banking account can lead to unauthorized transactions, resulting in significant financial loss and the hassle of resolving fraudulent charges.

• Identity Theft:
  ◦ Example: If a hacker gains access to your social media accounts using a common password, they can steal personal information, impersonate you, and potentially commit identity theft.
Create Strong Password
How to Create Strong Passwords
1. Use a Mix of Characters:
  ◦ Example: Create passwords that include uppercase and lowercase letters, numbers, and special characters. For example, “P@ssw0rd!2024” is much stronger than “password123.”

2. Avoid Predictable Patterns:
  ◦ Example: Don’t use easily guessable information like your name, birthdate, or common words. Instead, use a random combination of characters, such as “G7h!2kL#9m.”
3. Use a Password Manager:
  ◦ Example: A password manager can generate and store complex passwords for you, ensuring that each of your accounts has a unique and strong password without the need to remember them all.

4. Enable Multi-Factor Authentication (MFA):
  ◦ Example: Even if someone guesses your password, MFA adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone.
It’s NOT BUSINESS, It’s Very PERSONAL
Questions

Ali Ali
