Password Policy Best Practices

(Photo by Sajad Nori on Unsplash)

In this article, we will discuss some “uncommon” password policy best practices, that are not followed by a lot of companies. Those are collected from the Penetration Testing assessments I have conducted over the years.

Company-related Passwords

Let’s take the following scenario:

  1. We have a company named “Hooli”



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Cristian Cornea

Cristian Cornea


🇷🇴 Cyber Security Enthusiast, Freelancer, Researcher, Bug Bounty Hunter and InfoSec Writer | OSEP | OSWE | OSCP | CEH | CPTC | PenTest+ | eWPT | ECIH