PCI Requirement 8.2.5 – New Passwords/Passphrases Can’t Be the Same as Any of the Last Four Passwords/Passphrases Used
by Randy Bartels / December 21st, 2017
Effectiveness of Changing Passwords PCI Requirement 8.2.5 works in conjunction with PCI Requirement 8.2.4 to create secure passwords. Because PCI Requirement 8.2.4 requires passwords/passphrases…
PCI Requirement 8.2.4 – Change User Passwords/Passphrases at Least Once Every 90 Days
by Randy Bartels / December 21st, 2017
Password/Passphrase Expiration PCI Requirement 8.2.4 expects your organization to change user passwords/passphrases at least once every 90 days. The PCI DSS explains, “Passwords/passphrases that…
PCI Requirement 8.2.3 – Passwords/Passphrases Must Require a Minimum of Seven Characters and Contain Both Numeric and Alphabetic Characters
by Randy Bartels / December 21st, 2017
Requirements for Password/Passphrase Complexity and Strength Passwords/passphrases are your organization’s first line of defense, which is why PCI Requirement 8.2.3 states that your users’…
PCI Requirement 8.2.2 – Verify User Identity Before Modifying Any Authentication Credential
by Randy Bartels / December 21st, 2017
Preventing Social Engineering PCI Requirement 8.2.2 states, “Verify user identity before modifying any authentication credential.” How could this play out at your organization? Let’s…
PCI Requirement 8.2.1 – Use Strong Cryptography to Render All Authentication Credentials Unreadable During Transmission and Storage
by Randy Bartels / December 21st, 2017
Strong Cryptography in Transmission and Storage PCI Requirements 3 and 4 help your organization implement strong cryptography methods, and we see it again here…