
Password Policy Template

Password and authentication policy aligned with security best practices.


Password and Authentication Policy

Organisation: _______________________
Effective date: _______________________
Owner: Information Security

1. Scope

Applies to all employees, contractors, and systems accessing company resources.

2. Password requirements

  • Minimum length: 14 characters
  • Must not reuse any of the last 12 passwords
  • Must not contain dictionary words or personal information
  • Password managers are encouraged for all staff

3. Multi-factor authentication (MFA)

MFA is required for:

  • All admin and privileged accounts
  • Remote access (VPN, cloud consoles)
  • Email and identity provider login
  • All users with access to production or customer data

4. Account lockout

  • Lock after 5 failed attempts within 15 minutes
  • Auto-unlock after 30 minutes, or manual unlock by IT

5. Service accounts

  • Unique credentials per service
  • Stored in approved secrets manager
  • Rotated at least every 90 days

6. Exceptions

Exceptions must be documented and approved via IT Security. Approved exceptions are reviewed quarterly.

Approved by: _______________________ Date: __________
