Security

Zero Trust for developers

Posted by Kees Nederkoorn

Zero Trust; you’ve probably, at the very least, heard of the term. Some may have worked on a project where a Zero Trust policy was in effect, and others may well be working for a company with a company-wide Zero Trust policy in effect. But do you know what Zero Trust actually entails? And if you know, do you know how best to develop software that has to comply with a Zero Trust policy?

Depending on your level of exposure to Zero Trust, you may well have had a bad experience with it, may not want to have anything to do with it, or may not want to develop in such an environment at all. If you had a bad experience, it is most likely due to the company or project not understanding the Zero Trust methodology and implementing it incorrectly; but that is a subject for a different blog post. Regardless of your experience with (or opinion of) Zero Trust, this post will give you some helpful hints on how to best develop for a Zero Trust environment.


Why passwords are done wrong

Posted by Kees Nederkoorn

Password must be at least 12 characters long, must include lower and upper case letters, must include numbers, must include special characters, must have at least 3 numbers, must have at least 2 special characters, may not include words in the dictionary. Your password is rejected because it does not comply with our policy. A policy that isn’t published anywhere, but you must make one that complies anyway. Your password has expired, make a new one that does not resemble any of the passwords that you have created in the past. And it’s all useless. We’re all doing it wrong.

