Password Requirements

Written by Rajat Bhargava on April 28, 2015


A common tactic that IT admins use to increase the security of their user accounts is to create password requirements. The theory is that more complex passwords are harder for password cracking applications to break.

Sounds straightforward, right? But there is a great deal of debate in the Identity Management world as to whether increasing the complexity or the length of a password actually makes a difference.

Debate on the Importance of Password Complexity

Some will tell you that worrying about those issues isn’t going to make a significant difference. Most hacks don’t really involve people or systems “guessing” a user’s password. Rather, attackers infiltrate a network and grab the password database. Then they go to work reversing the passwords. In this model, password complexity is a moot point.

Advocates for more complex passwords will say that the more complex the passwords are, the harder it is for users to be compromised. Still, this can ultimately end with hackers “grabbing” the password file.

An All-Encompassing Solution

Whichever side of the coin you are on, you’ll have the option of employing a variety of different password requirements through JumpCloud’s Directory-as-a-Service®. We go well beyond password length and complexity. JumpCloud’s cloud-based directory service connects users to the IT resources that users need.

Various IT Needs

IT resources can include applications, devices, and networks. They can live on-premises or in the cloud and run on a variety of different platforms. Connecting users to their IT resources of course involves a username and password. Occasionally the connection can use SSH keys, which are even stronger than passwords!

The DaaS Password Solution

Through JumpCloud’s Directory-as-a-Service, IT admins can specify a number of password requirements.

Of course, there are length and complexity requirements, which, as we outline above, are the subject of differing opinions within the industry.

We also add a number of other critical requirements that serve to greatly enhance security. One is a setting on password reuse. Perhaps one of the most underappreciated ways of increasing security, limiting the previous passwords that can be used helps drive unique passwords across personal and professional services.

When combined with password rotation, which is also a JumpCloud DaaS password setting, users are effectively forced to have unique passwords. JumpCloud’s password requirements also include the ability to limit password resets and to set the number of failed logins.

Password Management and JumpCloud

Password requirements can play a significant role in security. JumpCloud helps in a major way by giving organizations the power to implement regulations over password complexity and re-use.

These fall in line with mandatory requirements in compliance activities. Virtually all major security regulations contain a number of password requirement controls. For example, PCI Section 8 requires passwords of at least 7 characters that contain both an alphabetic character and a numeric one.

If you would like to learn how JumpCloud’s Directory-as-a-Service can help address your password complexity requirements, drop us a note or give JumpCloud a try. It is free forever for 10 users.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
