๐ผ 4.2.1 Passwords are protected against brute-force password guessing
- Contextual name: ๐ผ 4.2.1 Passwords are protected against brute-force password guessing
- ID:
/frameworks/uk-cyber-essentials-v3.1/04/02/01 - Located in: ๐ผ 4.2 Authenticate users with unique credentials before granting access to applications or devices
Descriptionโ
Passwords are protected against brute-force password guessing by implementing at least one of:
- multi-factor authentication
- 'throttling' the rate of attempts, so that the number of times the user must wait between attempts increases with each unsuccessful attempt โ you shouldnโt allow more than 10 guesses in 5 minutes
- locking accounts after no more than 10 unsuccessful attempts
Similarโ
- Internal
- ID:
dec-c-1034bcf7
- ID:
Sub Sectionsโ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|