The “Deliberation no. 2017-012 of 19 January 2017 on the adoption of a recommendation relating to passwords” covers e.g.
- the need for protecting passwords by salts or keys
- automatic lockouts after subsequent login failures
- detailled guidance on password renewals on request
- etc..
https://www.cnil.fr/sites/default/files/atoms/files/recommandation_passwords_en.pdf