Description

Adopted ACN and GPDP guidelines for password storage

On 7 December 2023, the National Cybersecurity Agency (ACN) and the Privacy Guarantor (GPDP) adopted guidelines aimed at bolstering digital security through improved password storage practices. The guidelines apply to a range of entities, including identity managers, email service providers, banks, and healthcare facilities, and focus on safeguarding authentication credentials to reduce cybercriminal activity and mitigate the risks associated with compromised passwords. They emphasize password hashing: using one-way cryptographic hash functions so that password digests are stored instead of plaintext passwords. The security measures discourage common cryptographic hash functions and recommend incorporating random and secret strings. The guidelines also stress the importance of regularly updating password hashing functions for enhanced security. They highlight various common algorithms such as PBKDF2, scrypt, bcrypt, and Argon2, each offering configurable parameters and diverse security options.


Scope

Policy Area: Data governance
Policy Instrument: Cybersecurity regulation
Regulated Economic Activity: cross-cutting
Implementation Level: national
Government Branch: executive
Government Body: data protection authority

Complete timeline of this policy change

2023-12-07
adopted

On 7 December 2023, the National Cybersecurity Agency (ACN) and the Privacy Guarantor (GPDP) adopte…