The goal of an authentication system is to verify who a user is, which then determines what data is available to...
that user. Each company's security level needs will be different, but consider including the following in your password policy: Strong passwords are at least eight characters, do not contain all or part of the user's account name, and contain at least three of the four following categories of characters:
- Uppercase letters
- Lowercase letters
- Base 10 digits
- Symbols found on the keyboard (such as !, @, and #)