There are several requirements that a password validator should meet in order to be compliant with various standards such as GDPR, ISO 27001/27002, PCI DSS, and NIST 800-53. Here are some general guidelines for creating a strong and compliant password:
Length: A password should be at least 8 characters long. Some standards may require longer passwords, up to 12 or 16 characters.
Complexity: A password should contain a mix of uppercase and lowercase letters, numbers, and special characters. Avoid using easily guessable information such as your name, address, or common words.
Uniqueness: Each password should be unique and not used for any other accounts.
Change frequency: It is recommended to change passwords at regular intervals, such as every 90 days or every year. Some standards may require more frequent changes.
Storage: Passwords should be stored in a secure, encrypted format. They should not be written down or shared with anyone.
Multi-factor authentication: It is recommended to use multi-factor authentication (MFA) in addition to a password, such as a code sent to your phone or a biometric factor like a fingerprint.
Before starting i would like to share one of my personal experience with one of my client.
I got a call in late evening and my client was almost lasted all his hope. According to him, one of his competitor actually managed to access his network and successfully stolen all of his confidential data stored on that server. Not only this he also deleted all the files from the network so that my client should rework on everything. This was bad on his part, but that late evening made him realize that why so much of security awareness is happening these days.
In recent years, would be because of recession or because of any other cumbersome cause, the productivity or the quality delivery by majority of the companies and software engineers have been producing an ineffective measurements towards a true engineering discipline. Let it be a Collaborative Software Development Process, Rational Unified Process or may be adoption of a proper Agile methodology, non-disciplinary and hazardous matrices for evaluating the effectiveness of these methods has become harder than it should be.
