How strong should a User ID and Password be?
A few thoughts on how to enforce strong user IDs and passwords.
User IDs can be email addresses. (An email with a link can be sent to the ID to make sure the email ID is valid.)
- Password must be between 8 and 14 characters.
- Password must contain at least one number, at least one English uppercase character, and at least one English lowercase character.
- Password must contain one special character, such as #, * or &.
- Password may not have more than two consecutive identical characters.
Ex: grEen12# is valid, but grEEEn12# is not.
- Password cannot be the same as your previous three passwords.
- Password cannot be similar to your previous three passwords.
Ex: If your old password is grEen12#, the new password cannot be grEen13#.
- Password cannot be the same as or contain your User ID, the word “password”, or your site / company name.
Ex: If your site is abcjewellers, then the password cannot be aBcJewellers#1 or paSSword$1.
- Password should expire every 60 days.
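
The rules above combined into one validator, added here as an example (it is not code from the original post). The function names, the 0.8 similarity threshold, checking the part of the user ID before "@", and treating any ASCII punctuation as a special character are assumptions.

```python
import re
import string
from datetime import datetime, timedelta
from difflib import SequenceMatcher

MAX_AGE = timedelta(days=60)
SIMILARITY_LIMIT = 0.8  # assumed threshold; the page does not define "similar"


def is_similar(a, b):
    """Case-insensitive similarity ratio at or above the assumed limit."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio() >= SIMILARITY_LIMIT


def check_password(password, user_id, site, previous):
    """Return the list of rules the candidate violates (empty list = accepted).

    `previous` is ordered oldest-first and holds plaintext for illustration
    only; with a hashed history only the exact-match rule can be checked.
    """
    problems = []
    lowered = password.lower()
    if not 8 <= len(password) <= 14:
        problems.append("length")
    if not (re.search(r"[0-9]", password) and re.search(r"[A-Z]", password)
            and re.search(r"[a-z]", password)):
        problems.append("character classes")
    if not any(c in string.punctuation for c in password):
        problems.append("special character")
    if re.search(r"(.)\1\1", password):  # three identical characters in a row
        problems.append("repeated characters")
    recent = previous[-3:]
    if password in recent:
        problems.append("reused")
    elif any(is_similar(password, old) for old in recent):
        problems.append("similar to previous")
    # Forbidden words: user ID, its local part (assumption), "password", site name
    banned = [user_id, user_id.split("@")[0], "password", site]
    if any(word and word.lower() in lowered for word in banned):
        problems.append("forbidden word")
    return problems


def is_expired(last_changed, now):
    """True once the password is 60 days old or older."""
    return now - last_changed >= MAX_AGE
```
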