INDUSTRIES, TECHNOLOGY | Italian DPA releases new Guidelines for Password Security

On 7 December 2023, the Italian National Cybersecurity Agency and the Italian Data Protection Authority issued guidelines on cryptographic functions, aiming to recommend the most secure methods for password storage. These guidelines play a crucial role in preventing cybercriminals from gaining access to authentication credentials for malicious activities such as identity theft or ransom demands. They provide detailed directives on password storage for both data controllers and processors, while also encouraging manufacturers to incorporate data protection principles into their product design and development processes. As outlined in the newly released FAQs, the adoption of technical measures for password security is deemed necessary if at least one of the following conditions is met (a) processing that entails passwords of a significant number of users, (b) processing that involves passwords of users with access to sensitive databases, and (c) processing that includes passwords of specific users responsible for handling sensitive data or criminal records.

Newsletter n. 94 – March 2024