Password Policy

Password policy defines rules like length, complexity, reuse, and expiration.

Updated: 2026-03-06

Definition

Password policies enforce minimum requirements to reduce guessable and reused passwords.

Modern guidance focuses on length, MFA, and blocking known breached passwords rather than frequent forced resets.

Key points

Prefer longer passphrases
Block common/breached passwords
Combine with MFA and monitoring

Common mistakes

Forcing frequent resets which encourages weak patterns.
Relying only on complexity rules.

Related exams

CompTIA Security+ (SY0-701)

Free Security+ SY0-701 mini test with focused next steps. Continue in the app for offline packs and detailed explanations.

CompTIA A+ (220-1201 / 220-1202)

Free CompTIA A+ mini test with focused next steps. Continue in the app for offline packs and detailed explanations.

Related terms

Want to practice this in exam-style questions?

Use the mini tests on each exam page, then continue in the app for offline packs and detailed explanations.