Secure Passwords

  • 6 July, 2017

Password strength is an essential element in keeping your site safe. OpenDNS, one of our suppliers, has posted a good article about the importance of strong passwords. It's a quick read for the 'non-technical' and I'd encourage you to read it. There are some good suggestions about how you can decide on a strong password and why it's important to update them regularly.

http://blog.opendns.com/2012/06/19/are-your-users-passwords-secure-enough/

You might also want to consider these additional points, some of which are taken from the Payment Card Industry Data Security Standards guidelines:
  • Minimum length: eight characters (PCI DSS 8.5.10 requires seven)
  • Maximum length: twenty characters
  • Character-set criteria:
    • must contain alpha-numeric characters
    • must contain both upper-case and lower-case characters
    • must contain both alpha and special characters (PCI 8.5.11)
    • no contiguous characters (e.g. 123abcd)
    • not more than two identical characters in a row (1111)
  • Change your passwords at least every 90 days (PCI Requirement 8.5.9)
  • Do not use a password that is the same as any of the last four passwords you have used. (PCI Requirement 8.5.12)

These are good principles to apply not just at work but for your personal passwords too.
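
The length and character-set rules listed above can be checked in code when a password is set. The following Python sketch is an added example, not taken from the OpenDNS article or from PCI DSS; it leaves out the 90-day rotation and last-four-passwords rules because those need stored account state. It assumes that "contiguous characters" means a run of three or more ascending letters or digits (such as 123 or abc) and that "special characters" means ASCII punctuation.

```python
import string

MIN_LEN, MAX_LEN = 8, 20   # length limits from the list above
SEQ_RUN = 3                # assumption: 3+ ascending characters count as "contiguous"
MAX_REPEAT = 2             # not more than two identical characters in a row


def has_sequence(pw, run=SEQ_RUN):
    """True if pw contains `run` or more ascending consecutive characters (123, abc)."""
    streak = 1
    for prev, cur in zip(pw, pw[1:]):
        same_class = (prev.isdigit() and cur.isdigit()) or (prev.isalpha() and cur.isalpha())
        streak = streak + 1 if same_class and ord(cur.lower()) - ord(prev.lower()) == 1 else 1
        if streak >= run:
            return True
    return False


def has_repeat(pw, limit=MAX_REPEAT):
    """True if any character appears more than `limit` times in a row."""
    streak = 1
    for prev, cur in zip(pw, pw[1:]):
        streak = streak + 1 if cur == prev else 1
        if streak > limit:
            return True
    return False


def check_password(pw):
    """Return the list of rules that pw violates (empty list means it passes)."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append("too short")
    if len(pw) > MAX_LEN:
        problems.append("too long")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c.islower() for c in pw):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in pw):
        problems.append("no upper-case letter")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    if has_sequence(pw):
        problems.append("contiguous sequence")
    if has_repeat(pw):
        problems.append("repeated character")
    return problems
```

Returning every violated rule at once, rather than stopping at the first, lets a sign-up form tell the user everything that needs fixing in one pass.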