Password best practices
In addition to length and complexity, there are security factors that cannot be enforced in a policy. Guidelines issued to users will encourage proper password habits.
Best practices dictate that password expiration also be enabled. This forces passwords to be changed on a regular basis. You can set the interval in days. The more sensitive the information an account has access to, the shorter its password expiration interval should be. For example, use 180 days for guest accounts, 90 days for users, and 60 days for administrators.
Avoid:
real words found in any language dictionary
numeric sequences, such as “12345”
sequences of adjacent keyboard characters, such as “qwerty”
adding numbers on the end of a word, such as “hello39”
adding characters to the end of the old password, such as “hello39” to “hello3900”
repeated characters
personal information, such as your name, birthday, or telephone number.
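The "Avoid" list above can be turned into a check for help-desk or user-awareness tooling. The following is an added example, not Fortinet code or a FortiOS feature. The word list is a constructed stand-in for a real dictionary file, and the thresholds (runs of 4 characters, 3 repeats) and all names are assumptions.

```python
import re

# Constructed sample data: a tiny word list stands in for a real dictionary file.
SAMPLE_WORDS = {"hello", "password", "dragon", "welcome"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
DIGIT_ROW = ["01234567890"]

def _has_run(pw, sources, n=4):
    """True if pw contains n consecutive characters of any source, in either direction."""
    low = pw.lower()
    for src in sources:
        for s in (src, src[::-1]):
            if any(s[i:i + n] in low for i in range(len(s) - n + 1)):
                return True
    return False

def check_password(pw, old_pw=None, personal=()):
    """Return the 'Avoid' guidelines that the candidate password violates."""
    low = pw.lower()
    findings = []
    if low in SAMPLE_WORDS:
        findings.append("dictionary word")
    if _has_run(pw, DIGIT_ROW):
        findings.append("numeric sequence")
    if _has_run(pw, KEYBOARD_ROWS):
        findings.append("keyboard sequence")
    # A dictionary word followed only by digits, such as "hello39".
    m = re.fullmatch(r"([a-z]+)\d+", low)
    if m and m.group(1) in SAMPLE_WORDS:
        findings.append("word plus trailing numbers")
    # The old password with extra characters on the end, such as "hello3900".
    if old_pw and len(pw) > len(old_pw) and low.startswith(old_pw.lower()):
        findings.append("old password with characters appended")
    # Assumption: three identical characters in a row count as "repeated".
    if re.search(r"(.)\1\1", pw):
        findings.append("repeated characters")
    # personal: strings such as name, birth year, or phone number for this user.
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        findings.append("personal information")
    return findings

if __name__ == "__main__":
    for candidate in ("12345", "qwerty", "hello39", "v9#Lq2!tRz"):
        print(candidate, "->", check_password(candidate) or "no findings")
```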