Not Allowing Password Aging

From Guidance Share
Revision as of 05:09, 7 August 2007 by GardenTender (talk | contribs)
(diff) ←Older revision | Current revision (diff) | Newer revision→ (diff)
Jump to navigationJump to search


If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.

Applies To

  • Languages: All
  • Operating platforms: All



  • Authentication: As passwords age, the probability that they are compromised grows.


  • Lack of a mechanism for aging and expiring passwords.


  • Design: Ensure that password aging functionality is added to the design of the system, including an alert previous to the time the password is considered obsolete, including useful information for the user concerning the importance of password renewal and the method of renewal.

Vulnerability Patterns

How Tos