The latest General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018, doesn't forbid the use of a simple username and unchanging password system for retrieving private data; however, it does require that access methods be secure.
If access methods are not secure, organizations and businesses can be found to be in violation of GDPR conditions. This can have grave consequences. So what does this really mean for organizations and businesses?
Requests to Reset Passwords
Clients often forget their passwords. This can have a number of different causes, including:
- The need to have different passwords for different access requirements.
- Passwords having to contain numbers as well as symbols and letters.
- Passwords having to be complex and lengthy.
This is why people frequently ask to reset their passwords. According to GDPR, a company will have to be able to prove that requests for password resets are dealt with in a secure manner. The best way to do this is for companies to provide a secure self-service option. If a help desk is involved, it needs two layers of security to help prevent fraud by help desk workers.
Must Passwords Be Used?
Besides passwords, there are other ways of identifying a person. These include:
- Voice identification.
- Fingerprint identification.
- Smartphone activation codes.
According to GDPR, it is a good idea for companies to use two non-password methods of identification, or a password and one other form of identification, to grant access to private data. Doing this will help them satisfy strict GDPR requirements.