A minimum password length of at least 12 characters, with no maximum length restriction. Use a deny list to block common passwords automatically, and promote strong password standards through education.

The longer a password is, the longer it takes to crack. Enforce a minimum password length of 12 characters and do not limit the maximum length. Consider also using additional password rules such as the 3-random-word rule. The weakest part of a system is always the human element, so educate your staff on password guidance. This guide is very informative and understandable: https://www.ncsc.gov.uk/collection/passwords/updating-your-approach.
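One way to enforce the length and deny-list rules when a password is set, as an added example rather than code from the original page. The function names, the constructed sample deny list and the NFKC/case-folding step are assumptions of this example.

```python
import unicodedata

MIN_LENGTH = 12  # minimum from the policy above; deliberately no maximum

# Constructed sample entries. A real deployment would load a large list of
# common and breached passwords from a file instead.
SAMPLE_DENY_LIST = {"password1234", "qwertyuiop12", "letmein12345", "123456789012"}


def canonical(password):
    """Fold Unicode form and case so trivial variants match one deny-list entry.

    Assumption of this example: NFKC plus casefold is used for comparison only;
    the password itself is stored (hashed) exactly as the user typed it.
    """
    return unicodedata.normalize("NFKC", password).casefold()


def check_password(password, deny_list=SAMPLE_DENY_LIST):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    # len() counts characters (code points), not bytes, so passphrases in
    # non-ASCII scripts are measured the same way as ASCII ones.
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # No upper bound is checked: long passphrases must never be rejected
    # or silently truncated.
    if canonical(password) in {canonical(entry) for entry in deny_list}:
        problems.append("on the common-password deny list")
    return problems


if __name__ == "__main__":
    for candidate in ["short", "Password1234", "correct horse battery", "x" * 1000]:
        shown = candidate if len(candidate) <= 30 else candidate[:10] + "..."
        print(f"{shown!r}: {check_password(candidate) or 'accepted'}")
```

Returning every violation, rather than stopping at the first, lets the sign-up form tell the user exactly what to change.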

Last changed: 13 August 2022