Expert Advice Community

Password complexity

Guest user Created:   Jul 14, 2018 Last commented:   Jul 14, 2018

ISO 27001 - what does the standard require for password complexity?

Expert
Rhand Leal Jul 14, 2018

Answer: ISO 27001 does not specify requirements for password complexity, so organizations are free to adopt criteria that better suit them. ISO 27002, a supporting standard which provides recommendations and guidance for implementation of ISO 27001 Annex A controls, suggests passwords:
- easy to remember;
- not based on anything somebody else could easily guess or obtain using information like names, telephone numbers and dates of birth etc.;
- not based on words included in dictionaries;
- free of consecutive identical characters;
- made of numeric and alphabetic characters.

These materials will also help you regarding defining passwords:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
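
The four machine-checkable criteria from the list in the answer above ("easy to remember" is left to the user), as an added example that is not part of the original answer or of either standard. The function name, the sample wordlist, the substitution table and the minimum token lengths are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption): in practice load a real dictionary
# or breached-password list instead.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "summer", "security"}

# Undo common character substitutions so "p@ssw0rd" is seen as "password".
SUBSTITUTIONS = str.maketrans("013457@$!", "oleastasi")


def check_password(password, personal_info=(), dictionary=SAMPLE_DICTIONARY):
    """Return the list of violated criteria; an empty list means none found."""
    problems = []
    lowered = password.lower()

    # Not based on names, telephone numbers, dates of birth, etc.
    for item in personal_info:
        tokens = re.findall(r"[a-z]{3,}|\d{4,}", item.lower())
        digits = re.sub(r"\D", "", item)
        if len(digits) >= 4:
            tokens.append(digits)  # e.g. "1984-03-12" -> "19840312"
        if any(token in lowered for token in tokens):
            problems.append("based on personal information")
            break

    # Not based on dictionary words (substring match after de-substitution).
    letters = re.sub(r"[^a-z]", "", lowered.translate(SUBSTITUTIONS))
    if any(len(word) >= 4 and word in letters for word in dictionary):
        problems.append("based on a dictionary word")

    # Free of consecutive identical characters.
    if re.search(r"(.)\1", password):
        problems.append("contains consecutive identical characters")

    # Made of numeric and alphabetic characters.
    if not (any(c.isdigit() for c in password) and any(c.isalpha() for c in password)):
        problems.append("not made of both numeric and alphabetic characters")

    return problems
```

The personal-information check only works if the caller passes in the attributes it already holds for the account (name, phone number, date of birth), so it belongs at enrolment or password change, where that data is available.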
