Password must be easy to memorize.

- Passwords should be easy to memorize, because that minimizes the chance that users will write the password down somewhere that others could see it.
- Passwords should not be the same as the user ID, because that is one of the common passwords that password cracker programs try when attempting to discover passwords for accounts.
- Passwords must be changed at least once every 60 days (depending on your environment).
- Password aging or expiration must be enforced on all systems.
- Upon password expiration, if the password is not changed, only three grace logins must be allowed; then the account must be disabled until reset by an administrator or the help desk.
- Password reuse is not allowed (rotating passwords).
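
The aging, grace-login, user-ID and reuse rules above can be enforced in code along the following lines. This is an added example, not part of the original policy text: the Account layout, the function names, the unlimited history depth and the use of PBKDF2 for the stored history are assumptions made for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field
from datetime import date, timedelta

MAX_AGE = timedelta(days=60)   # from the policy; adjust per environment
GRACE_LOGINS = 3               # from the policy

def _digest(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the history is not a list of recoverable passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:                 # hypothetical record layout
    user_id: str
    changed_on: date
    grace_used: int = 0
    disabled: bool = False
    history: list = field(default_factory=list)  # (salt, digest) per past password

def set_password(acct: Account, new: str, today: date) -> str:
    """Apply the change rules; returns 'ok' or the reason for rejection."""
    if new.casefold() == acct.user_id.casefold():
        return "same-as-user-id"
    if any(hmac.compare_digest(_digest(new, s), d) for s, d in acct.history):
        return "reused"
    salt = os.urandom(16)
    acct.history.append((salt, _digest(new, salt)))
    acct.changed_on, acct.grace_used = today, 0
    return "ok"

def login(acct: Account, today: date) -> str:
    """Call after the password itself has verified; returns the aging decision."""
    if acct.disabled:
        return "disabled"
    if today - acct.changed_on <= MAX_AGE:
        return "ok"
    if acct.grace_used < GRACE_LOGINS:
        acct.grace_used += 1   # expired: consume one of the three grace logins
        return "grace"
    acct.disabled = True       # stays set until an administrator or help desk reset
    return "disabled"
```

set_password deliberately does not clear the disabled flag, so a disabled account can only come back through a separate administrator or help desk reset.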