skip to main content


Passwords aren't going away anytime soon, yet enterprises continue to follow outdated password policies. Organizations should review policies and add security layers around passwords.


  • Organizational password policies have rarely been updated in line with advice from independent cybersecurity advisory agencies.

Features and Benefits

  • Assesses the current approach to password management.
  • Analyzes additional controls on top of passwords.

Key questions answered

  • What should organizations consider for password management?
  • Why should password expiry not be enforced?

Table of contents

Ovum view

  • Summary
  • Password policies are outdated
  • Enterprises should stop enforcing regular expiry of passwords
  • Multifactor authentication layers additional controls on top of passwords
  • Everyone must take responsibility


  • Further reading
  • Author