What is more, required under the GDPR?
The latest GDPR guidelines from the Information Commissioner’s Office are relevant to anyone who owns a website whether they are using a (WordPress, WooCommerce or any other content management systems)
If your website has a feature of login, and you are taking data for this reason whether they are customers, volunteers or the general public you have to consider the new guidelines from the ICO.
Initially, GDPR does not set any specific requirement about the passwords in online services, GDPR requires you to implement appropriate technical and organisational security measures to protect personal data.
This is the GDPR principle for, and it states “Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organisational measures.”
Passwords are used to protect unwanted access to the systems that process personal data. Therefore you need to consider the new ICO guidelines while implementing the password strategy for particular circumstances, keeping the best alternative solutions for securing the passwords in mind. Any approach you chose must be secure from brute force attacks.
You can find more detailed information on the ICO website.