Are your user passwords secure enough?
Password strength is an essential element in keeping your site safe. OpenDNS, one of our suppliers, has posted a good article about the importance of strong passwords. It is a quick read for the non-technical reader and I'd encourage you to read it. It has some good suggestions on how to choose a strong password and why it's important to change it regularly. The rules below are a sound baseline, with the PCI DSS requirement each one comes from where there is one:
- Minimum length: eight characters (PCI DSS 8.5.10 requires at least seven)
- Maximum length: twenty characters
- Character-set criteria:
  - must contain both letters and digits (PCI DSS 8.5.11)
  - must contain both upper-case and lower-case letters
  - must contain at least one special character (punctuation or symbol)
  - no sequential runs of characters (e.g. 123abcd)
  - not more than two identical characters in a row (e.g. 1111 is rejected)
- Change your passwords at least every 90 days (PCI DSS 8.5.9)
- Do not reuse any of the last four passwords you have used (PCI DSS 8.5.12)
These are good principles to apply not just at work but to your personal passwords too.
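To make the rules concrete, here is an added worked example in Python; it is not code from the original post or from OpenDNS. It checks a candidate against the length and character-set rules, rejects reuse of any of the last four passwords by comparing against salted PBKDF2-HMAC-SHA256 hashes of the previous ones, and flags a password older than 90 days. Several details are my assumptions rather than the post's: the "no sequential characters" rule is read as any run of three or more consecutive code points in either direction (so `cba` is rejected as well as `abc`), the hashing scheme and iteration count are my choice, the rule names returned by `check_password` are my own labels, and dates are passed as ISO strings. The sample passwords are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import re
import string
from datetime import date, timedelta

# Policy constants taken from the rules in the post; the PCI DSS references are
# the ones the post cites.
MIN_LENGTH = 8        # post's rule (PCI DSS 8.5.10 only asks for seven)
MAX_LENGTH = 20       # post's rule
MAX_AGE_DAYS = 90     # PCI DSS 8.5.9
HISTORY_DEPTH = 4     # PCI DSS 8.5.12: no reuse of the last four passwords
MAX_IDENTICAL = 2     # "not more than two identical characters in a row"
SEQ_RUN = 3           # assumption: three consecutive code points count as "sequential"
PBKDF2_ROUNDS = 100_000  # assumption: hash parameters are my choice, not the post's


def has_sequential_run(pw, run=SEQ_RUN):
    """True if any `run` adjacent characters step by exactly +1 or -1 in code
    point (e.g. '123', 'abc', 'cba'). Rejecting descending runs too is an
    assumption beyond the post's example of 123abcd."""
    for i in range(len(pw) - run + 1):
        window = pw[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def has_repeat_run(pw, limit=MAX_IDENTICAL):
    """True if some character appears more than `limit` times in a row (e.g. '1111')."""
    return re.search(r"(.)\1{%d,}" % limit, pw) is not None


def check_password(pw):
    """Apply the length and character-set rules; return the list of violated
    rules (an empty list means the password is acceptable)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if len(pw) > MAX_LENGTH:
        problems.append("too long")
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
        problems.append("needs letters and digits")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("needs upper and lower case")
    if not any(c in string.punctuation for c in pw):
        problems.append("needs a special character")
    if has_sequential_run(pw):
        problems.append("sequential run")
    if has_repeat_run(pw):
        problems.append("repeated character run")
    return problems


def hash_password(pw, salt=None):
    """Salted PBKDF2-HMAC-SHA256 so old passwords can be kept for the history
    check without storing them in clear. Returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def in_history(pw, history, depth=HISTORY_DEPTH):
    """history: list of (salt, digest) tuples, newest first. Each entry has its
    own salt, so the candidate is re-derived once per stored entry and compared
    in constant time."""
    for salt, digest in history[:depth]:
        _, candidate = hash_password(pw, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def password_expired(last_changed_iso, today_iso=None):
    """PCI DSS 8.5.9: a password older than MAX_AGE_DAYS must be changed.
    Dates are ISO strings (YYYY-MM-DD) so the check is easy to drive from a
    database row or log line."""
    last_changed = date.fromisoformat(last_changed_iso)
    today = date.today() if today_iso is None else date.fromisoformat(today_iso)
    return (today - last_changed) > timedelta(days=MAX_AGE_DAYS)


if __name__ == "__main__":
    # Constructed sample inputs, not real user passwords.
    for candidate in ["password", "Abc123!x", "Aa1!1111", "Zq7!mK2#pL"]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
    history = [hash_password(p) for p in ["Old#Pass5", "Old#Pass4", "Old#Pass3", "Old#Pass2", "Old#Pass1"]]
    print("Old#Pass5 reused:", in_history("Old#Pass5", history))  # within the last four
    print("Old#Pass1 reused:", in_history("Old#Pass1", history))  # fifth most recent, outside the window
    print("expired after 91 days:", password_expired("2024-01-01", "2024-04-01"))
```

Note that the history check has to re-derive the candidate once per stored hash because every entry carries its own salt; that is the price of not storing old passwords in a recoverable form, and with only four entries it is negligible.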