French Data Protection Authority Issues Password Guidance

By Odia Kagan on December 4, 2018

Posted in Data Protection Law Compliance, European Union, General Data Protection Regulation (GDPR), General Privacy & Data Security News & Developments

Privacy Compliance & Data Security - A Fox Rothschild Blog

Keep your passwords close…and complex, and encrypted and unique, and ever-changing.

In the wake of recent data breaches involving passwords, the French data protection authority, the CNIL, has published guidelines for adequate passwords.

Some highlights include:

If you use a password as your sole method of authentication, it needs to be at least 12 characters consisting of uppercase letters, numbers and special characters.
If you use additional measures of protection, the password may be less complex.
A passphrase is better than a password, and the CNIL developed a tool for producing passwords from sentences.
Your authentication function must (i) use a public algorithm deemed strong and (ii) have a software implementation that is free of known vulnerabilities.
NEVER store passwords in cleartext – require and allow periodic renewal of passwords.

For details, see the full guidelines.

MENU

Privacy Compliance & Data Security

About Our Firm