Optimising IT Blog

How to Create a Secure Password Policy for Your Business


Passwords are often your first barrier against unauthorised access, so making them as robust as possible is crucial to ensure the safety of your business’s data and customer information. 

Recent studies suggest that in 35% of password breaches, a weak password was to blame. With so many passwords to remember, people resort to simplistic options that are then duplicated across multiple accounts. This poses serious risks to your company-wide cyber security.  

To prevent this, you need a secure password policy. A password policy is a clearly defined set of rules that govern the update frequency, creation and storage of passwords. We’re experts in helping businesses create, implement and uphold password policies as part of our cyber security services, preventing breaches and safeguarding against would-be attackers.  


Whether it’s financial records, email inboxes, social media profiles or any of the accounts associated with your business, safeguarding your digital assets is of paramount importance. Data breaches can have untold consequences, resulting in you losing anything from stock to credit card details, potentially causing permanent damage to your reputation and profitability. 

The best method to counteract this is to enforce a password policy and follow it consistently throughout your entire organisation. 


Cyber criminals are continuously developing new ways to steal login details and hack into accounts. Some of the most common tactics include: 

  • Phishing attacks — spam emails designed to look legitimate, tricking staff into sharing sensitive information or installing dangerous malware. 
  • Brute-force attacks — a hacking method using custom code to essentially force entry. 
  • Network analysing — here, the criminal intercepts data being transmitted over a network and steals unencrypted information. 
  • Installing a keylogger — this software records keystrokes, allowing a hacker to see personal details that are typed.  
  • Shoulder surfing — when an attacker will look over someone’s shoulder in a public space to obtain information.  


The best way to create a secure password policy is to speak to an expert in cyber security consulting, but to get you started, we’ve listed key points you should include: 

  • Multi-factor authentication (MFA). This process verifies a user’s identity before granting access. Popular methods include sending the individual a one-time code or asking for memorable information.  
  • Make cyber security training part of your onboarding process. Not only will this help your employees maintain good password practices from day one, but it will also foster a positive cyber security culture. 
  • Create password complexity requirements discouraging people from using personal information in logins and forcing them to include random punctuation.  


Instead of using logins that contain repetitive or sequential characters or easily obtained information, such as birth dates, phone numbers or names, use an online tool to generate unique passwords randomly. Ensure they contain both uppercase and lowercase characters, symbols and punctuation, and replace all instances of a particular vowel with a digit. 

Don’t forget to use a password strength tester tool to check your new details are strong enough. We can help advise on how to create strong passwords as part of our cyber security consulting.
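
The complexity rules above can also be enforced in code. The following is an added example, not part of the original article: a Python checker for the rules named here (mixed case, symbols, no repetitive or sequential characters, no personal details) with a random generator built on it. The 12-character minimum, the run length of 3 and all function names are assumptions.

```python
import secrets
import string

SYMBOLS = string.punctuation
MIN_LENGTH = 12  # assumed minimum; the article does not state a length


def has_sequence(pw, run=3):
    """True if pw holds `run` repeated or consecutive code points (aaa, abc, 321)."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def policy_violations(pw, personal=()):
    """Return the rules from the article that pw breaks (empty list = pass)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isupper() for c in pw) or not any(c.islower() for c in pw):
        problems.append("needs upper and lower case")
    if not any(c in SYMBOLS for c in pw):
        problems.append("needs a symbol")
    if has_sequence(pw):
        problems.append("repetitive or sequential characters")
    # Personal details (names, birth dates, phone numbers) are matched
    # case-insensitively; tokens under 3 characters are ignored as noise.
    lowered = pw.lower()
    if any(len(p) >= 3 and p.lower() in lowered for p in personal):
        problems.append("contains personal information")
    return problems


def generate_password(length=16, personal=()):
    """Draw random passwords from the OS CSPRNG until one passes the policy."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate, personal):
            return candidate
```

Passing each user's known details (name, birth year, phone number) as `personal` lets the same check run at password-change time as well as during generation.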


Instead of your staff scribbling down their logins on sticky notes or in unprotected Excel spreadsheets, provide them with password management software.  

These tools will securely store all of their logins and auto-fill their passwords when required, so all they need to remember is the login for the password manager itself. Some even include features that allow an admin to see who has access to different accounts. This gives the ability to grant someone access to a password without them even seeing it, effectively stopping the password from being inadvertently leaked. There are several password management platforms available, each with its pros and cons, but we can help you select the best one for your needs.  

Our industry-leading and fully accredited cyber security services can help you compile a comprehensive password policy and ensure your business is compliant and protected from potential data breaches. Contact Optimising IT today to speak to one of our cyber security experts.  

