This document describes and justifies password management best practices as applied in medium to large
organizations. It offers reasoned guidance to IT decision makers when they set security policy and design
network infrastructure that includes passwords.
The guidance in this document is focused on how to best manage user passwords. It is not intended to
address the special challenges and techniques that arise when managing privileged passwords, that belong
to administrators, service accounts, etc.