
13 Questions for a Comprehensive Password Audit

Craft a robust password policy whilst understanding where your staff
are regarding their understanding of data security

One of the best practices for implementing a robust password policy is to conduct an audit of your company's existing password practices.

After all, you can only figure out where to go once you know where you currently are, right? Being armed with this knowledge will allow you to craft a robust password policy whilst understanding where your staff are regarding their understanding of data security.

As with all research, it's a game of RIRO (rubbish in, rubbish out). If you don't ask the right questions, in the right way, the data you receive back will be of very little value.

So, to assess the overall security of your organisation's accounts and systems and to understand the level of data security knowledge your staff currently have, you need to ask the right questions.

Remember to also provide education and training to your staff on password security best practices and regularly review and update your organisation's password policy as needed.


Here is a list of multiple-choice questions you are welcome to use to survey your staff:

1. Are you aware of [Company Name]'s password policy?

Yes / No

2. Where do you store your existing passwords?

On a password manager / In my notebook / In a Document / In a stack of sticky notes / In a text file

3. Do you share your passwords with anyone, including colleagues, friends, or family members?

Yes / No

4. Do your passwords regularly feature any of your personal information, such as birthdays, names or family members?

Always / Sometimes / Seldom / Never

5. Do you make use of the same passwords for multiple accounts (both inside and outside the company)?

Always / Sometimes / Seldom / Never

6. How often do you change your passwords?

Never / Only when told to / Every 30 days / Every 90 days

7. Do you know what two-factor authentication is?

Yes / No

8. Do you have two-factor authentication activated on accounts where it's possible?

Yes, everything / Only some / No

9. What do you currently do if/when you receive a suspicious email or request?

Delete it / Report it

10. Do you create your own passwords, or utilise a password generation tool?

I create my own / I use a password generation tool

11. Which of the following are required for a strong password?

Long length / Special characters / Upper and lowercase letters / No personal info / All of the above

12. Do you feel you've received adequate training to date on Data Security/Protection and best practices?

Yes / Kind of / No

13. Do you feel you know how to determine if a website or service is secure?

Yes / Kind of / No

 
