...
- Exponential back-off for failed password authentication attempts.
- All passwords must be at least 8 characters.
- No special-character requirements.
- No forced password rotation.
- No password strength meters.
- Common passwords are blocked.
- All PHI is identified and only accessible with multi-factor authentication.
- Eventually, completely replace Synapse managed passwords authentication with Google & ORCID authentication (see PLFM-5311).
- Educate users not to reuse Synapse credentials anywhere else.
Note: The above recommendations closely mirror the recommendations from Microsoft [8].
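The length, blocklist and back-off rules above, as an added example that is not part of the original document or of Synapse's code base; the blocklist entries, the base delay of 1 s and the 1 h cap are constructed assumptions, and the per-account state is kept in memory only for illustration:

```python
# Constructed sample blocklist; a deployment would load a published
# common-password list (tens of thousands of entries) from disk.
COMMON_PASSWORDS = {"password", "12345678", "qwertyui", "letmein1", "iloveyou"}

MIN_LENGTH = 8  # policy: at least 8 characters, nothing else required


def check_password(candidate: str):
    """Return (ok, reason). Enforces only the rules the policy lists:
    minimum length and a common-password blocklist. There is deliberately
    no special-character requirement and no strength score."""
    if len(candidate) < MIN_LENGTH:
        return False, "too short"
    if candidate.lower() in COMMON_PASSWORDS:
        return False, "common password"
    return True, "ok"


def backoff_seconds(failed_attempts: int, base: float = 1.0, cap: float = 3600.0) -> float:
    """Exponential back-off after consecutive failures: no delay before the
    first attempt, then base * 2^(n-1) seconds, capped (assumed values)."""
    if failed_attempts <= 0:
        return 0.0
    return min(cap, base * 2 ** (failed_attempts - 1))


class LoginThrottle:
    """Per-account consecutive-failure counter; the caller rejects a login
    attempt while wait_remaining() is positive. In-memory store for the example."""

    def __init__(self):
        self._failures = {}  # user -> (consecutive failures, time of last failure)

    def wait_remaining(self, user: str, now: float) -> float:
        """Seconds the account must still wait before another attempt is accepted."""
        count, last = self._failures.get(user, (0, 0.0))
        return max(0.0, last + backoff_seconds(count) - now)

    def record(self, user: str, success: bool, now: float) -> None:
        """Reset the counter on success, otherwise extend the back-off window."""
        if success:
            self._failures.pop(user, None)
        else:
            count, _ = self._failures.get(user, (0, 0.0))
            self._failures[user] = (count + 1, now)
```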
...