Password security Small Business Password Policy Template Based on the password and access control materials in your IT documentation and employee lifecycle resources. Basic information Field Details Business name Policy owner Effective date Approved password manager Systems that require MFA Review schedule Free-lite checklist Task or item Owner or notes Status Require unique passwords for business systems. Do not allow business passwords to be shared through email, text, chat, sticky notes, or spreadsheets. Use an approved business password manager for shared business credentials. Require Multi-Factor Authentication for email, administrator accounts, accounting, payroll, cloud storage, and password manager access. Avoid shared accounts whenever named user accounts are available. Document any approved shared account exceptions. Remove password manager access when an employee leaves. Change shared passwords known by a former employee. Review administrator passwords and privileged access regularly. Document the policy review date and next review date.
Related Employee IT Offboarding Checklist Remove access, recover equipment, reset shared passwords, preserve business files, remove licenses, and document completion.
Related Microsoft 365 Admin Access Review Template Review who has administrator access, why they have it, whether MFA is enabled, and whether the access is still needed.
Related Monthly IT Review Checklist Review accounts, devices, backups, software renewals, support issues, documentation, and security tasks once a month.