Keeping organizational data safe and preventing a security breach is one of the most important concerns in an IT administrator's mind. A common method of protecting organizational data and assuring domain security is to employ password security measures. IT administrators, for their part, use frequent password expiry to protect employee passwords. The logic is that frequently changed passwords are less susceptible to theft and unauthorized access.
Such measures appear to work, as organizations which employ strict password expiry policies are less likely to have password theft cases than those where the Windows password never expires or expires only after a year or so. Hence, it is important to configure a strong password security policy.
To configure a strong password security policy, you need to visit Account Policies under Group Policy settings. You need to take care of the following points while designing your password expiry policy:
- Ensure that employees don’t reuse recently expired passwords. As an end user, it is very tempting to reuse the last expired password or the one before that. This can be prevented with the Enforce password history setting, where Windows remembers recently expired passwords and prompts the user when one of them is entered again.
- The second important thing is how often the password expires, i.e. the password age. Maximum password age can take any value up to 999. A safe password age can be anything between 20 and 60 days, depending on the specific organization.
- Another important thing is the complexity requirement and the minimum password length. The longer the password, the lower the chance of someone guessing it or seeing it while it is being typed.
A strict password policy may ensure security, but at the same time it often causes loss of productivity, as employees cannot log in to their systems and must wait for IT helpdesk support to reset their passwords. IT helpdesk staff, for their part, have many such issues to take care of, and considerable resources are required to resolve them in a timely manner. This, in turn, requires significant investment, particularly for organizations with a large employee base.
Hence, along with configuring a strong password security policy, it is also important to have a way to manage soon-to-expire passwords: a mechanism that reminds users through email or other methods before their password expires, so that they can take timely action before their system becomes inaccessible. Windows gives password expiry alerts, but users may tend to ignore them and get their accounts locked.
As an administrator, you can configure scripts that remind users by email before password expiry so that they change their password in time. Besides, there are a number of third-party tools which can take care of password expiry issues for all users in the organization.
These tools not only remind users of the impending password expiry but also notify administrators about the same. These applications let you manage multiple domains from a centralized platform and generate a number of reports that give management information about password expiry. Lepide User Password Expiration Reminder is one such tool to manage password expiry in organizations.
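The scripted email reminder mentioned above can be sketched as follows. This is an added example, not code from the original article or from any vendor; the function name `Get-PasswordExpiryReminder`, the 14-day window, the sample accounts and the mail addresses are assumptions, while `msDS-UserPasswordExpiryTimeComputed` is the Active Directory attribute that holds each account's computed expiry time.

```powershell
# Added example. Input objects mirror the properties returned by (ActiveDirectory module):
#   Get-ADUser -Filter 'Enabled -eq $true' -Properties mail, 'msDS-UserPasswordExpiryTimeComputed'
function Get-PasswordExpiryReminder {
    param(
        [Parameter(Mandatory)] [object[]] $User,
        [int] $WarnDays = 14,              # assumed reminder window
        [datetime] $Now = (Get-Date)
    )
    foreach ($u in $User) {
        $raw = [int64] $u.'msDS-UserPasswordExpiryTimeComputed'
        # 0 = password must be changed at next logon; Int64.MaxValue = never expires.
        # Neither converts to a usable expiry date, so skip both.
        if ($raw -le 0 -or $raw -eq [int64]::MaxValue) { continue }
        # Skip disabled accounts and accounts with no mailbox to notify.
        if (-not $u.Enabled -or [string]::IsNullOrWhiteSpace($u.mail)) { continue }

        $expires  = [datetime]::FromFileTime($raw)
        $daysLeft = [int] [math]::Floor(($expires - $Now).TotalDays)
        # Already-expired passwords (negative) are a helpdesk case, not a reminder.
        if ($daysLeft -ge 0 -and $daysLeft -le $WarnDays) {
            [pscustomobject]@{
                SamAccountName = $u.SamAccountName
                Mail           = $u.mail
                Expires        = $expires
                DaysLeft       = $daysLeft
            }
        }
    }
}

# Constructed sample accounts (not real data) so the selection logic runs offline.
$now   = Get-Date
$attr  = 'msDS-UserPasswordExpiryTimeComputed'
$users = @(
    [pscustomobject]@{ SamAccountName = 'alice'; mail = 'alice@example.com'; Enabled = $true;  $attr = $now.AddDays(5).ToFileTime() }
    [pscustomobject]@{ SamAccountName = 'bob';   mail = 'bob@example.com';   Enabled = $true;  $attr = $now.AddDays(40).ToFileTime() }
    [pscustomobject]@{ SamAccountName = 'svc01'; mail = 'ops@example.com';   Enabled = $true;  $attr = [int64]::MaxValue }
    [pscustomobject]@{ SamAccountName = 'carol'; mail = 'carol@example.com'; Enabled = $false; $attr = $now.AddDays(2).ToFileTime() }
    [pscustomobject]@{ SamAccountName = 'dave';  mail = 'dave@example.com';  Enabled = $true;  $attr = 0 }
)

Get-PasswordExpiryReminder -User $users -WarnDays 14 -Now $now | ForEach-Object {
    # Plain instruction, no link: reminder mails are a common phishing template.
    $body = "Your password expires in $($_.DaysLeft) day(s) on $($_.Expires.ToString('yyyy-MM-dd')). " +
            "Press Ctrl+Alt+Del and choose 'Change a password'."
    # To send, uncomment; sender and SMTP host are placeholders:
    # Send-MailMessage -To $_.Mail -From 'helpdesk@example.com' -Subject 'Password expiring' -Body $body -SmtpServer 'smtp.example.com'
    [pscustomobject]@{ To = $_.Mail; Body = $body }
}
```

Reading the computed expiry attribute rather than adding the domain's maximum password age to the last-set date keeps the reminder correct for accounts covered by a fine-grained password policy.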