Institutions in Vietnam shall set out regulations on management of passwords which must meet the following requirements

According to Clause 2 Article 28 of the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, each institution shall set out regulations on management of passwords which must meet the following requirements:

- A password must have at least six characters, including numbers, uppercase letters, lowercase letters and other special characters if allowed by the system. A valid request for a password must be checked automatically during the process of setting up a new password;

- A default password set by a manufacturer on a device or software must be changed before use;

- Password management software must be developed with the following functions: (i) Requesting change of a password on first login (except one-time password); (ii) Notifying users of change of an expiring password; (iii) Invalidating an expired password; (iv) Invalidating a password in case the number of incorrect entry exceeds the permitted one; (v) Granting permission to promptly change a password which has been disclosed or is exposed to a risk of being disclosed or upon the request of users; (vi) Preventing use of an old password during a specified period. 

Concurrently, each institution shall set out regulations on responsibilities of users who are granted access rights, including the following contents: Use a password in accordance with regulations; treat this password as confidential; use devices or instruments for access and sign out of the systems when stopping work or temporarily leaving the systems.

View more details at the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, effective from January 01, 2021.

Thuy Tram

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE