Strategies Blog

Are your user passwords secure enough? 

Password strength is an essential element in keeping your site safe. OpenDNS, one of suppliers, has posted a good article about the importance of strong passwords. It's a quick read for the 'non-technical' and I'd encourage you to read it. There's some good suggestions about how you can decide on a strong password and why it's important to update them regularly. 

You might also want to consider these additional points, some of which are taken from the Payment Card Industry Data Security Standards guidelines:

  • Minimum length: eight characters (PCI DSS 8.5.10 requires seven)
  • Maximum lenght: twenty characters
  • Character-set criteria:
    • must contain alpha-numeric characters
    • must contain both upper-case and lower-case characters
    • must contain both alpha and special characters (PCI 8.5.11)
    • no contiguous characters (e.g. 123abcd)
    • not more than two identical characters in a row (1111)
  • Change your passwords at least every 90 days (PCI Requirement 8.5.9)
  • Do not use a password that is the same as any of the last four passwords you have used. (PCI Requirement 8.5.12 )
  • These are good principals to apply not just at work but for your personal passwords too.