Passphrases used for single-factor authentication are not a list of categorised words; do not form a real sentence in a natural language; and are not constructed from song lyrics, movies, literature or any other publicly available material.
Topic
Single-factor authentication
Applicable to
all
History
Mar 2022
Passphrases used for single-factor authentication are not a list of categorised words; do not form a real sentence in a natural language; and are not constructed from song lyrics, movies, literature or any other publicly available material.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
Apr 2020
Passphrases used for single-factor authentication:
§ are not constructed from song lyrics, movies, literature or any other publicly available material
§ do not form a real sentence in a natural language
§ are not a list of categorised words.
Security control 1558 was modified to replace ‘publically’ with ‘publicly’.
Mar 2020
Passphrases used for single-factor authentication:
§ are not constructed from song lyrics, movies, literature or any other publically available material
§ do not form a real sentence in a natural language
§ are not a list of categorised words.
Oct 2019
Passphrases used for single-factor authentication:
§ are not constructed from song lyrics, movies, literature or any other publically available material
§ do not form a real sentence in a natural language
§ are not a list of categorised words.
Following a rigorous review of the ability of passphrases used for single-factor authentication to withstand attack, security controls 0421 and 0422 were modified, 1426 was removed, and security controls 1557 and 1558 were added.