Not Allowing Password Aging

From Guidance Share

Jump to: navigation, search

Contents

Description

If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.


Applies To

  • Languages: All
  • Operating platforms: All


Example

Impact

  • Authentication: As passwords age, the probability that they are compromised grows.


Vulnerabilities

  • Lack of a mechanism for aging and expiring passwords.


Countermeasures

  • Design: Ensure that password aging functionality is added to the design of the system, including an alert previous to the time the password is considered obsolete, including useful information for the user concerning the importance of password renewal and the method of renewal.


Vulnerability Patterns


How Tos

Personal tools