Password: update your reflexes!


The CNIL has just issued a new recommendation to control the security of passwords, taking into account the evolution of knowledge and attacks in this area.
This update was necessary, given the increased threats to data security and the clear finding of a study conducted by Verizon in 2021, which revealed that more than 80% of global data breach notifications are related to password issues.

But what are the risks associated with poor password management?

There are four factors to consider:

  1. The simplicity of the password,
  2. Eavesdropping on the network to collect passwords as they are transmitted,
  3. Storing the password in clear text,
  4. The weakness of password-reset methods used when a password is forgotten (for example, “secret” questions).

The CNIL has recently introduced the notion of “entropy”, which makes it possible to compare the robustness of different passwords by defining the “amount of chance” involved in discovering them.

From a practical point of view, the CNIL has defined 3 examples that are equivalent in terms of entropy and that all meet the new recommendations under the General Data Protection Regulation (GDPR).

  • Example 1: passwords must be composed of at least 12 characters including upper case, lower case, numbers and special characters to be chosen from a list of at least 37 possible special characters.
  • Example 2: passwords must be at least 14 characters long, including upper and lower case letters and numbers, with no special characters required.
  • Example 3: a passphrase must be used and it must consist of at least 7 words.
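
The following is an added example, not code from the CNIL or from Mark & Law. It computes the entropy of the three example policies with the usual formula (bits = length × log2 of the alphabet size) and checks whether a given password or passphrase satisfies each policy's composition rules. The concrete set of 37 special characters and the 2,600-word dictionary size for passphrases are assumptions, since the page does not list them.

```python
import math
import string

# Character classes used by the three example policies.
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
# The page only says "at least 37 possible special characters"; this set of 37
# (the 32 ASCII punctuation marks plus five extras) is a constructed assumption.
SPECIALS = string.punctuation + " €£§°"


def policy_entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy for `length` symbols drawn uniformly at random from
    `alphabet_size` symbols, i.e. log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def example_policy_entropies() -> dict:
    """Entropy of the three CNIL example policies quoted above.
    Example 3 needs a word-list size, which the page does not give; the
    2,600-word dictionary is an assumption chosen to land near the others."""
    return {
        "example1_12chars_99symbols": policy_entropy_bits(26 + 26 + 10 + 37, 12),
        "example2_14chars_62symbols": policy_entropy_bits(26 + 26 + 10, 14),
        "example3_7words_2600dict": policy_entropy_bits(2600, 7),
    }


def dictionary_size_for(target_bits: float, words: int) -> int:
    """Smallest word list from which `words` random words reach `target_bits`."""
    return math.ceil(2 ** (target_bits / words))


def check_policies(secret: str) -> dict:
    """Which of the three example policies a password or passphrase satisfies.
    Only composition is checked: a policy says nothing about whether the
    secret was actually chosen at random, so this is not a strength score."""
    has_lower = any(c in LOWER for c in secret)
    has_upper = any(c in UPPER for c in secret)
    has_digit = any(c in DIGITS for c in secret)
    has_special = any(c in SPECIALS for c in secret)
    word_count = len(secret.split())
    return {
        "example1": len(secret) >= 12 and has_lower and has_upper and has_digit and has_special,
        "example2": len(secret) >= 14 and has_lower and has_upper and has_digit,
        "example3": word_count >= 7,
    }
```

Running `example_policy_entropies()` shows why the CNIL calls the three policies equivalent: each lands at roughly 80 bits, and `dictionary_size_for(79.55, 7)` shows a 7-word passphrase needs a list of about 2,600 words to match the 12-character policy.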


It is now time to take a look at your own passwords: both to benefit from these latest recommendations, since weak passwords can lead to data breaches affecting your company, your business and your personal life, and, from a legal standpoint, to remain compliant with the GDPR requirements.

Indeed, following these latest publications, the CNIL reminds us that breaches related to password policies were among the most common breaches found during its audits in 2021.

We are of course at your disposal to assist you with GDPR compliance, or to discuss this subject.


Ghislaine BERTIN, Paralegal and Partner at Mark & Law