Young hacker smiling

We hack your software

zero false positives

Expert intelligence + specialized technology

REQ.132 Passphrases with minimum 4 words

This document contains the details of the security requirements related to the definition and management of access credentials in the organization. This requirement establishes the importance of defining passphrases with at least 4 words to improve credentials security

Requirement

Passphrases must be at least 4 words long.

Description

The following security requirement addresses the importance of establishing passphrases with at least four (4) words of length. Understanding the latter, as a sequence of words [1] whose length is higher but more secure than other types of passwords.

References

  1. Passphrase - Wikipedia.

  2. OWASP-ASVS v3.1-2.7 Verify password entry fields allow, or encourage, the use of passphrases, and do not prevent long passphrases or highly complex passwords being entered.

  3. OWASP-ASVS v3.1-2.27 Verify that measures are in place to block the use of commonly chosen passwords and weak pass-phrases.


Service status - Terms of Use