Implement a password management tool without creating a formal standard to allow for complexity and uniqueness without the need to document specific requirements.

Conduct regular awareness sessions to emphasize the importance of strong passwords, informing staff that they should voluntarily adhere to best practices.

Revise the Information Security Policies to include specific password creation standards such as minimum length, complexity requirements, and change intervals. This will create a clear, enforceable standard for all users within the organization.

Update the Acceptable Use Policy (AUP) to recommend users to change passwords regularly without specifying any format or complexity.