Having a strong password is essential to keep an account safe; even the strongest encryption can't offer much protection if the key is easy to figure out.

As a G Suite administrator, you can enforce requirements for all passwords within the organization. This helps set a minimum security strength that's required for all accounts.

To set up password requirements, follow these steps:

1. Having a strong security protocol is not effective if the password strength is weak and therefore easy to guess. You can be sure all user's passwords are inline with current best practices by enabling the Enforce strong password checkbox:

2. By defining a Password length, you can be sure that user's passwords are not too short, but keep in mind that passwords below eight characters are not recommended:

3. To avoid existing users from keeping a low security password, you can enable Start password policy enforcement at next sign in so that everyone without a strong password will be required to change it the next time they log in:

4. Always using the same password can be easy for the user, but it makes the account more vulnerable. Disable Allow password reuse to prevent users from keeping the same password, even after a change request:

5. Keeping the same password for too long can make the account vulnerable; define the Password expiration to a reasonable length so that your users don't keep the same password for too long. The recommended length is 90 days to keep things safe without being too hard on your users:

You can now define the password requirements for members of this organization. In the next section, we will learn what Password monitoring can teach us about our user's passwords.