Love them or hate them, but passwords are a time-tested and imperfect method for user authentication that can protect organizations from cyber-attacks if used correctly. To be truly effective however, an organization's password policy must include additional defensive strategies to prevent unauthorized access.
New password policy standards are based on two primary principles: leveraging real-world attack data and making it easier for users to create and remember passwords.
Organizations need to employ updated tools and policies to conform to these new standards. These include new approaches to password creation, multi-factor authentication (MFA), account lockouts, and other safeguards.