
Impossible? No, but hard and requiring the willingness to do so.

Besides, it's not that difficult if the requirements are minimal best practices - the regulatory body need not even get involved until a breach has been traced back to someone who didn't follow the rules.

We're not trying to make security perfect, just deal with blatant disregard of user safety.

I suggest 3 to start:

1: No storing passwords in plaintext.

2: Hashed passwords must not be calculated with fast algorithms like MD5.

3: Hashed passwords must be salted.

These three things would have solved most of the major breaches everyone has heard of, don't take meaningful development time to implement, and so there is zero excuse for not doing them.
