Guidance

Password guidance: simplifying your approach

This publication was withdrawn on 11 July 2016

This content has been moved to the CESG website: https://www.cesg.gov.uk/guidance/password-guidance-simplifying-your-approach

Advice for system owners responsible for determining password policy

Documents

Password guidance - simplifying your approach

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (eg a screen reader) and need a version of this document in a more accessible format, please email enquiries@cesg.gsi.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Password guidance - infographic

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (eg a screen reader) and need a version of this document in a more accessible format, please email enquiries@cesg.gsi.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Detail

This guidance contains advice for system owners responsible for determining password policy. It is not intended to protect high value individuals using public services.

It advocates a dramatic simplification of the current approach at a system level, rather than asking users to recall unnecessarily complicated passwords.

More specifically, this document will help you to:

  • examine and (if necessary) challenge existing corporate password policies, and argue for a more realistic approach
  • understand the decisions to be made when determining password policy
  • implement strategies that lessen the workload that complex passwords impose on users
  • make your system more secure by suggesting a number of practical steps you can implement.