Beruflich Dokumente
Kultur Dokumente
The software should not allow direct access to anyone except the
authorized user.
Mandatory: Password login challenge
For password Login, strongly suggest:
Minimum password size (>8)
Password MUST NOT be visible
Copy/paste functionality to be disabled
Case sensitive
Requiring a mix of chrs, digits, special chrs, capital letters
Use pass phrase where appropriate
User Control : Authentication
Mandatory Renewal after (15 to 30 days/uses, depending on use-case)
Blocking after (3 to 5) wrong tries
Update/reset password through SMS authentication
Suggested for further safety, depending on level of security required, second
level challenge through one of the following (do not exceed 2 challenges in
total as this would lower user compliance):
PIN authentication through SMS to registered mobile number
ATM type PIN key-in (4 to 6 digits)
Answer to Random, user provided, secret question
Finger print authentication
Iris authentication
Physical Safeguards
Ref: https://www.truevault.com/blog/how-do-i-become-hipaa-compliant.html