Develop a single password policy that is implemented consistently across users and systems. Consider potential external and internal threats, as well as user behavior. Communicate the policy to employees and other users, and monitor for compliance.
Develop and enforce password formation and usage guidelines.
Password formation and usage guidelines are the external representation of the user and system administrator portions of a password management policy. Password formation must achieve a balance between password strength and usability. This will minimize help desk calls and avoid the possibility that users will write down their passwords, thus making them vulnerable to discovery by attackers. Password usage guidelines ./res/define acceptable user and system administrator behavior in the areas of password secrecy and integrity throughout the password life cycle.