Password Security and Encryption Standards

IEEE and W3C

ISO and NIST

FDA and WHO

FCC and FTC

Password length must be exactly 8 characters

There is a formal policy defining password complexity

Passwords must include a special character

Passwords must be changed daily

They are optional for users

They are done weekly

They follow specific security guidelines

They are the same for all organizations

Allowing unrestricted access to all users

Defining how and when users can access data

Ensuring all data is publicly accessible

Providing access based on user preference

The user completes a training course

The user has a security issue

The user requests more access

The user receives a promotion

A personal security guard

An escort at all times

A personal identification number

A key to all doors

They should have a biometric aspect

They must be painted red

They should be manually operated

They must be made of steel

Using the same algorithm for all data

Documenting standards for encryption use

Encrypting only external data

Avoiding encryption for speed

Sharing them with colleagues

Writing them on paper

Using a salted hash

Storing them in plain text

Different states of data have different encryption standards

Data at use is never encrypted

Data in transit requires no encryption

Data at rest and data in transit have the same requirements