A password policy is the set of rules that govern how passwords are chosen and used, in order to protect access to our various accounts on the internet. Whether for a bank account or a social network account, password policies guide our choices when securing access to our personal data.
Apart from bank websites, where we go to consult our bank account, every site that lets us create a personal account also asks us to set a personal password. Many banks use different access protections and adopt an encrypted interface. For the rest, only our password protects us from a malicious intrusion. To that end, we are asked to define a password with a minimum length of 6 to 8 characters.
Where the length is sometimes capped, it is often for reasons of compatibility with the systems used. But nowadays, many sites no longer limit the length. To prevent a forced entry, it is therefore better to make the password complicated to guess. The best solution is to mix letters (upper and lower case), numbers, and special symbols or characters. And, to remember them easily, passwords can be variations on short phrases, such as "Mon_chAtà7aNs.": accent, dash, capital letters, lower-case letters, digit. This password will be much more difficult to discover and usurp than the famous "123456", which was nevertheless the most used in 2014.
But to protect access even further, we must avoid entering the password too often. This necessarily means varying your password, both over time and from one account to another. For optimal protection, create a different password for each account, and change it regularly. Why? Simply because if we keep the same password for all the sites we visit, it only takes one error on one site for all the others to be hacked. And because every time you type something on your computer, it keeps track of it. Of course, one needs to know where to look, but hackers know.
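The rules described above (a minimum length, mixed character classes, avoiding "123456", one password per account) can be checked mechanically. The following is an added example, not part of the original article; the 8-character minimum, the one-entry denylist and all function names are assumptions chosen for illustration.

```python
import unicodedata

MIN_LENGTH = 8        # assumption: upper end of the 6 to 8 characters the text cites
COMMON = {"123456"}   # the article's example; a real denylist is far longer
REQUIRED = {"upper", "lower", "digit", "symbol"}
SAMPLE = "Mon_chAt\u00e07aNs."   # the article's example phrase (\u00e0 is the accented a)

def _nfc(password):
    # Compose accents so an accented letter is one code point however it was typed.
    return unicodedata.normalize("NFC", password)

def char_classes(password):
    """Return the character classes present, using Unicode categories."""
    classes = set()
    for ch in _nfc(password):
        cat = unicodedata.category(ch)
        if cat == "Lu":
            classes.add("upper")
        elif cat == "Ll":
            classes.add("lower")      # includes accented lower-case letters
        elif cat == "Nd":
            classes.add("digit")
        else:
            classes.add("symbol")     # punctuation, spaces and everything else
    return classes

def check_policy(password):
    """Return the list of violated rules; an empty list means the password passes."""
    pw = _nfc(password)
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if pw.lower() in COMMON:
        problems.append("common password")
    problems.extend(f"missing {c}" for c in sorted(REQUIRED - char_classes(pw)))
    return problems

def reused_accounts(vault):
    """Given {account: password}, return the groups of accounts sharing one password."""
    groups = {}
    for account, pw in vault.items():
        groups.setdefault(_nfc(pw), []).append(account)
    return [sorted(names) for names in groups.values() if len(names) > 1]

if __name__ == "__main__":
    # Constructed sample data: three accounts, two of them sharing "123456".
    vault = {"bank": SAMPLE, "forum": "123456", "shop": "123456"}
    for account, pw in vault.items():
        print(account, check_policy(pw) or "ok")
    print("reused on:", reused_accounts(vault))
```

The normalization step matters for accented passwords: without it, the same phrase typed with a combining accent would be counted one character longer and compared as a different password.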
Password policies also specify certain things that seem to be common sense: never share your account with anyone; never give out your password, even to people responsible for site security, whether by email, phone or otherwise; never write your password on paper that is openly accessible; change passwords at the slightest hint…
Some password policies also impose a limited login time, after which the password must be re-entered. This covers the case where the user forgot to log out on a public computer. Similarly, a specific sentence or question can be asked if the password is forgotten.