When it comes to your employee password policy, you should decide whether your IT system requires strict policing or not. If you are a company that is regularly audited, you hold sensitive or private information, etc., then this is a bit of a no-brainer. A decent policy requires a complex password that expires at least every 30 days, and it should not allow you to reuse up to 5 of your previous passwords. See below for recommended password complexity.

Password Rules

A strong password contains the following characteristics:

A strong password should not contain the following:

For best practice on password Do’s and Don’ts click here. In my experience though, enforcing these policies means that your employees will inevitably use more IT resources than usual. In today’s world we simply have too many PIN numbers, online banking credentials and passwords to remember, which invariably means that we will forget them from time to time.

So this means you can either leave it up to your employees, trusting them to initiate their own strong passwords, or enforce it centrally from your network domain controller.
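
For central enforcement, the following added example (not part of the original article) audits an Active Directory default domain password policy against the three settings described above and previews the change needed to meet them. It assumes the ActiveDirectory PowerShell module is installed; the names $Want and Compare-PasswordPolicy are this example's own.

```powershell
# Added example: audit the default domain password policy against the values
# recommended in this article, then preview the change needed to meet them.
# Requires the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

# Values taken from the article; the variable names are this example's own.
$Want = @{
    ComplexityEnabled    = $true
    MaxPasswordAgeDays   = 30
    PasswordHistoryCount = 5
}

function Compare-PasswordPolicy {
    param(
        [Parameter(Mandatory)] $Policy,            # object with the policy properties
        [Parameter(Mandatory)] [hashtable] $Want
    )
    $findings = @()
    if ($Policy.ComplexityEnabled -ne $Want.ComplexityEnabled) {
        $findings += "Complexity is not enforced"
    }
    # A MaxPasswordAge of 0 means passwords never expire.
    $age = $Policy.MaxPasswordAge.TotalDays
    if ($age -eq 0 -or $age -gt $Want.MaxPasswordAgeDays) {
        $findings += "Maximum password age is $age days (0 = never expires)"
    }
    if ($Policy.PasswordHistoryCount -lt $Want.PasswordHistoryCount) {
        $findings += "Only $($Policy.PasswordHistoryCount) previous passwords are remembered"
    }
    return $findings
}

$current  = Get-ADDefaultDomainPasswordPolicy
$findings = Compare-PasswordPolicy -Policy $current -Want $Want

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
    # -WhatIf shows the change without making it; remove it to apply.
    Set-ADDefaultDomainPasswordPolicy -Identity $current.DistinguishedName `
        -ComplexityEnabled $Want.ComplexityEnabled `
        -MaxPasswordAge (New-TimeSpan -Days $Want.MaxPasswordAgeDays) `
        -PasswordHistoryCount $Want.PasswordHistoryCount -WhatIf
} else {
    Write-Output "Default domain password policy meets the article's settings."
}
```

This checks only the default domain policy; fine-grained password policies applied to specific users or groups take precedence over it and need to be reviewed separately.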