Following a risk analysis, and once a risk framework has been chosen and security policies have been defined, a password policy can be derived.

The password policy is to be set up by organizations: end user organizations, manufacturers, and digital platform and system providers.

Password policies should at least include:
- a requirement for strong passwords or passphrases
- a requirement for users to regularly update their passwords
- advice to use multifactor authentication (an additional authentication device)

Digital platform providers should provide a mechanism for single sign-on or federated authentication, so that passwords are not stored in the platform itself; instead, the platform accepts tokens from third-party suppliers.
