
Keep your passwords close…and complex, and encrypted and unique, and ever-changing.
In the wake of recent data breaches involving passwords, the French data protection authority, the CNIL, has published guidelines for adequate passwords.
Some highlights include:
- If you use a password as your sole method of authentication, it needs to be at least 12 characters long and include uppercase letters, numbers and special characters.
- If you use additional measures of protection, the password may be less complex.
- A passphrase is better than a password, and the CNIL developed a tool for producing passwords from sentences.
- Your authentication function must (i) use a public algorithm deemed strong and (ii) have a software implementation that is free of known vulnerabilities.
- NEVER store passwords in cleartext; require and allow periodic renewal of passwords.
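The three technical points above (the 12-character composition rule for a sole-factor password, deriving a password from a memorable sentence, and never keeping the cleartext) as an added Python example. This is illustrative code, not the CNIL's tool or any official implementation; the sentence-to-password scheme, the PBKDF2 choice and its parameters are assumptions made here.

```python
import hashlib
import hmac
import os
import string
from typing import Optional, Tuple

MIN_LENGTH = 12          # CNIL minimum when the password is the only factor
PBKDF2_ROUNDS = 600_000  # assumed work factor, not a value from the guidelines


def meets_sole_factor_policy(password: str) -> bool:
    """Sole-factor rule as summarised above: at least 12 characters, and it
    must contain uppercase letters, digits and special characters."""
    if len(password) < MIN_LENGTH:
        return False
    has_upper = any(c.isupper() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_special = any(c in string.punctuation for c in password)
    return has_upper and has_digit and has_special


def password_from_sentence(sentence: str) -> str:
    """Hypothetical sentence-to-password scheme (not the CNIL tool): keep the
    first character of every word, plus any punctuation that ends a word, so
    digits and special characters in the sentence survive."""
    parts = []
    for word in sentence.split():
        parts.append(word[0])
        if len(word) > 1 and word[-1] in string.punctuation:
            parts.append(word[-1])
    return "".join(parts)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Store a random salt and a PBKDF2-HMAC-SHA256 digest, never the cleartext.
    PBKDF2 is a public, widely reviewed algorithm from the standard library."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample sentence; the derived password is 12 characters.
    pw = password_from_sentence("My 1st car was a Renault 5, bought in 2003!")
    print(pw, meets_sole_factor_policy(pw))
    salt, digest = hash_password(pw)
    print(verify_password(pw, salt, digest))
```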
For details, see the full guidelines.