A few thoughts on how to enforce strong user IDs and passwords.
User IDs can be email addresses. (An email with a link can be sent to the address to confirm that it is valid.)
– Password must be between 8 and 14 characters.
– Password must contain at least one number, at least one English uppercase character, and at least one English lowercase character.
– Password must contain one special character, such as #, * or &.
– Password may not have more than two consecutive identical characters.
Ex: grEen12# is valid, but grEEEn12# is not.
– Password cannot be the same as your previous three passwords.
– Password cannot be similar to your previous three passwords.
Ex: If your old password is grEen12#, the new password cannot be grEen13#.
– Password cannot be the same as or contain your User ID or contain the word “password” or contain your site / company name.
Ex: If your site is abcjewellers, then the password cannot be aBcJewellers#1 or paSSword$1.
– Password should expire every 60 days.
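
The rules above combined into one validator, as an added example (not code from the original post) that reports every rule a candidate password breaks. Assumptions: the 0.8 similarity threshold, treating any ASCII punctuation as a special character, banning the local part of an email user ID, and passing the previous passwords in as plaintext; a system that stores only password hashes can test "same as" by re-hashing, but can run the similarity test only against the old password the user types in during the change.

```python
import re
import string
from datetime import timedelta
from difflib import SequenceMatcher

SIMILARITY = 0.8                # assumed threshold; the page gives no number
MAX_AGE = timedelta(days=60)    # expiry period from the list above


def check_password(password, user_id, site_name, previous):
    """Return the list of rules the candidate password breaks (empty = accepted)."""
    problems = []
    low = password.lower()
    if not 8 <= len(password) <= 14:
        problems.append("length must be 8 to 14 characters")
    if not (re.search(r"[0-9]", password) and re.search(r"[A-Z]", password)
            and re.search(r"[a-z]", password)):
        problems.append("needs a number, an uppercase and a lowercase letter")
    # Assumption: "special character" means any ASCII punctuation mark.
    if not any(c in string.punctuation for c in password):
        problems.append("needs a special character")
    # Case-sensitive, so "Ee" in grEen12# is fine but "EEE" is not.
    if re.search(r"(.)\1\1", password, re.DOTALL):
        problems.append("more than two consecutive identical characters")
    recent = previous[-3:]      # last three passwords, newest last
    if password in recent:
        problems.append("same as one of the previous three passwords")
    elif any(SequenceMatcher(None, low, old.lower()).ratio() >= SIMILARITY
             for old in recent):
        problems.append("too similar to one of the previous three passwords")
    # Assumption: the local part of an email user ID is also banned.
    banned = [user_id, user_id.split("@")[0], "password", site_name]
    if any(word and word.lower() in low for word in banned):
        problems.append("contains user ID, site name or the word 'password'")
    return problems


def is_expired(last_changed, now):
    """True once the password is older than the 60-day limit."""
    return now - last_changed > MAX_AGE


if __name__ == "__main__":
    # Constructed user ID; the passwords are the examples from the list above.
    for pw in ("grEen12#", "grEEEn12#", "aBcJewellers#1", "paSSword$1"):
        print(pw, check_password(pw, "alice@example.com", "abcjewellers", []))
```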