The Commission nationale de l’informatique et des libertés (CNIL) has published guidelines on password protection in decision number 2017-012, made on 19 January 2017. A summary of the guidelines is available on CNIL’s website. The guidelines address: 

  • Password robustness, including guidance on length, complexity and complementary measures
  • Security of the authentication process
  • Security for password storage
  • Security in the process of password renewal
  • What to do if there is a risk that the password could be compromised