Security is key with Salesforce. If you ever have any questions about general Salesforce security, there are loads of resources available, one of the most valuable being trust.salesforce.com, where you can learn about security and check on system status. But despite all the tools Salesforce has available to ensure your data is and remains safe, one weak password or careless employee can lead to a breach. The good news, though, is that there are even tools available to you to enforce good password policies.
Enforcing safe password policies is simple. Go to Setup -> Security Controls -> Password Policies. Here, you will be able to set the org-wide defaults for when a password will expire, how often a user can reuse a password, minimum length, complexity (is it basically anything goes, or maybe you expect passwords to all contain upper and lower case characters, numbers, and special characters), and more. You can get more granular by setting different requirements based on profile by editing the password policies on a custom profile. For even more security, turn on Two-Factor Authentication. Effective security starts with effective passwords, so go make sure your password policies are strong enough for your needs today!
-Jared and the Salesforce Guys