Password Policy

Improving security posture through proper password rules

1. Introduction

A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly.

2. Getting There

  • Click on your Avatar
  • Click on Settings
  • Under Administration click on Security

3. Settings

  • Minimum password length. Default is 8 characters.
  • Password history
  • Password expiration period
  • Lockout policy
  • Forbid common passwords like ‘password’ or ‘login’
  • Enforce upper and lower case characters
  • Enforce numeric characters
  • Enforce special characters like ! or :
  • Check the password against the list of breached passwords

4. How to Generate Strong Passwords

We will soon be releasing our own password generator with high randomness and security. In the meantime, we really like this free tool, Strong Password Generator, as it:

  • Generates passwords client-side (i.e. in the browser, so their server never sees them)
  • Does not keep a history of passwords anywhere
  • Allows you to customize your password settings

To balance ease-of-use and security, we recommend the following settings:

  1. At least 10 characters
  2. Don't include symbols (symbols are included by default, but they make passwords hard to share)
  3. Enable all other settings

Generate a few passwords and then stop at random to choose the one you want. This helps the entropy of the algorithm to improve "randomness".
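
The recommended settings above, sketched as an added example (this is not the product's code or the Strong Password Generator's): a generator that draws from the operating system's CSPRNG with upper case, lower case and digits enabled and symbols off, plus a calculation of what leaving symbols out costs in length. The function names are hypothetical, and "all other settings" is assumed to mean those three character classes.

```python
import math
import secrets
import string

# Character classes for the recommended settings: upper, lower, digits, no symbols.
CLASSES = [string.ascii_uppercase, string.ascii_lowercase, string.digits]
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 10  # recommended minimum from the list above


def generate_password(length=MIN_LENGTH):
    """Return a random password drawn from the OS CSPRNG via `secrets`."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: redraw the whole password instead of patching in
        # a missing class, so every accepted password stays equally likely.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on entropy in bits: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def symbols_cost_in_chars(length):
    """Extra characters a symbol-free password needs to match the entropy
    of a password of `length` that also draws from ASCII punctuation."""
    with_symbols = entropy_bits(length, len(ALPHABET) + len(string.punctuation))
    return math.ceil(with_symbols / math.log2(len(ALPHABET))) - length


if __name__ == "__main__":
    print(generate_password())
    print(f"{entropy_bits(MIN_LENGTH):.1f} bits at {MIN_LENGTH} characters")
    print(f"{symbols_cost_in_chars(MIN_LENGTH)} extra characters offset dropping symbols")
```

Dropping symbols at 10 characters is offset by two extra characters, so a 12-character password without symbols is at least as strong as a 10-character one with them.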