02 May 2025 | Regola Digital Consulting

Guide to Password Policies for Businesses (updated for 2025)

Today is World Password Day Passwords are critical security barrier ensuring there is no unauthorised access between your business and your systems and data. Weak or poorly managed user passwords can lead to data breaches, financial loss, reputational damage, compliance violations and legal repercussions. The list goes on... In today’s threat landscape which is riddled with phishing, brute-force attacks, and credential stuffing, having a robust password policy is non-negotiable.

This guide from my colleague Shaun Walton is provided as a starting point towards authentication security but is by no means exhaustive and further reading is highly recommended.

What defines a "strong" password in 2025? Answer: a password with 12 or more characters that are not easily associated with the user.

Password advice continues to evolve, and passwordless systems are now perfectly acceptable. The latest advice is to use not fewer than 12 characters, and to achieve this by choosing three random words. Caps, numbers, and special characters are OK but not necessary. The whole point of the exercise is the make passwords sufficiently robust but easier to remember. It goes without saying that words that can be easily associated with the user should not be used.

This is the latest advice. For this and much more, please read on at:

https://www.regoladigitalconsulting.co.uk/post/guide-to-password-policies-for-businesses-updated-for-2025

Other Press Releases from Regola Digital Consulting

28/4/2025 - The Dangers of B2B Digital Supply Chain Attacks… (and defence measures for all supply chain partners) Businesses have always relied on suppliers, vendors, and service providers to keep operations running. These organisations looked after each some of each others data on paper, without too much concern that it would be stolen. Over time, advancements in technology and globalization made supply chains more "just-in-time" efficient, interconnected, and data driven. When supply chains used private networks in communicate data there was little worry about external interference.

22/4/2025 - The Hidden Threat: Fake Captcha Pages and their Danger to Businesses Some may know the term CAPTCHA (Completely Automated Public Turing tests to tell Computers and Humans Apart). Most won’t recognise the name but would probably recognise a CAPTCHA if they came across it. They can quite often be seen as a nuisance but they play an important role in security. However, cybercriminals have weaponized this trust by creating fake CAPTCHA pages - a deceptive tactic used to steal credentials, distribute malware, and manipulate user behaviour.

14/3/2025 - Understanding API Security: Protecting Your Business from Digital Threats The way that digital technologies, and therefore businesses have been evolving, it has come to pass that businesses rely on APIs (Application Programming Interfaces) to deliver most of their business operations. APIs have streamlined their systems, integrated third-party services, and enhanced customer experiences.

26/2/2025 - MFA Fatigue: A Growing Risk for Businesses. How to Prevent it. Multi-Factor Authentication (MFA) is widely recognized as a crucial security measure for businesses. By requiring additional verification beyond a password, MFA helps prevent unauthorized access and protects sensitive corporate data. However, cybercriminals have adapted their tactics, and one of the most effective attack methods they now use is “MFA fatigue” using the well-known strategy of repetition many times, designed to exploit human frailty.

19/2/2025 - Log Monitoring: The Silent Guardian of your Business Security Running a business without log monitoring is like driving without a dashboard. You might be moving forward, but without fuel gauges, warning lights, or speed indicators, you won’t know if something is wrong until your engine fails, or you run out of fuel.