Skip to main content


Home Password policy

Password policy

Password policy definition

Password policy refers to the set of rules defined by an organization that determines how employees should create and manage their company passwords. Its purpose is to enhance security by encouraging the use of strong passwords and establishing guidelines for their proper handling.

See also: information security policy, privacy policy, security policy

Password policy examples:

  • Password complexity. It usually refers to the minimum length for the password, defines the inclusion of capital letters and special symbols, as well as prevents the user from creating a password that is easily guessable or one that they’ve used in the past.
  • Password expiration and renewal. Password policies often define how often passwords should be renewed as well as what happens if the user does not change their password. For example, failure to create a new password every 90 days may result in a simple notification or prevent the user from accessing the device altogether.
  • Password history. While password reuse was already covered, password history rules aim to encourage users to create a unique password rather than changing their current one by adding one symbol.
  • Failed login attempts. It should define the system’s actions if the user fails to enter the correct password after a certain number of tries.
  • Education. Policy can also list ways employees should be educated through training and awareness programs.