Guidance

Password guidance: simplifying your approach

Advice for system owners responsible for determining password policy

This publication was withdrawn on

This content has been moved to the CESG website: https://www.cesg.gov.uk/guidance/password-guidance-simplifying-your-approach

Documents

Password guidance - simplifying your approach

Request an accessible format.
If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email fcdo.correspondence@fcdo.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Password guidance - infographic

Request an accessible format.
If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email fcdo.correspondence@fcdo.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Details

This guidance contains advice for system owners responsible for determining password policy. It is not intended to protect high value individuals using public services.

It advocates a dramatic simplification of the current approach at a system level, rather than asking users to recall unnecessarily complicated passwords.

More specifically, this document will help you to:

  • examine and (if necessary) challenge existing corporate password policies, and argue for a more realistic approach
  • understand the decisions to be made when determining password policy
  • implement strategies that lessen the workload that complex passwords impose on users
  • make your system more secure by suggesting a number of practical steps you can implement.
Published 8 September 2015