Keep your passwords close…and complex, and encrypted and unique, and ever-changing.
In the wake of recent data breaches involving passwords, the French data protection authority, the CNIL, has published guidelines for adequate passwords.
Some highlights include:
- If you use a password as your sole method of authentication, it needs to be at least 12 characters consisting of uppercase letters, numbers and special characters.
- If you use additional measures of protection, the password may be less complex.
- A passphrase is better than a password, and the CNIL developed a tool for producing passwords from sentences.
- Your authentication function must (i) use a public algorithm deemed strong and (ii) have a software implementation that is free of known vulnerabilities.
- NEVER store passwords in cleartext – require and allow periodic renewal of passwords.
For details, see the full guidelines.