Not Allowing Password Aging

From Guidance Share
Revision as of 05:09, 7 August 2007 by GardenTender (talk | contribs)

Description

If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.


Applies To

  • Languages: All
  • Operating platforms: All


Example

Impact

  • Authentication: As passwords age, the probability that they are compromised grows.


Vulnerabilities

  • Lack of a mechanism for aging and expiring passwords.


Countermeasures

  • Design: Ensure that password aging functionality is part of the system design. It should include an alert issued before the password is considered obsolete, with useful information for the user about the importance of password renewal and the method of renewal.
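
One way to implement this countermeasure, as an added example that is not part of the original page: a login-time check that classifies a password as current, expiring soon, or expired, and produces the alert text. The 90-day maximum age, 14-day warning window, the function and type names, and the renewal path are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional

# Assumed policy values for illustration; the page does not prescribe any.
MAX_AGE = timedelta(days=90)
WARN_WINDOW = timedelta(days=14)
RENEWAL_PATH = "/account/password"  # hypothetical renewal location


class AgingState(Enum):
    CURRENT = "current"
    EXPIRING = "expiring"
    EXPIRED = "expired"


@dataclass(frozen=True)
class AgingResult:
    state: AgingState
    days_left: int   # whole days until expiry, 0 once expired
    message: str     # text to show the user, empty when no action is needed


def check_password_age(last_changed: Optional[datetime],
                       now: Optional[datetime] = None) -> AgingResult:
    """Classify a password by age at login. Expects timezone-aware datetimes."""
    now = now or datetime.now(timezone.utc)
    # Fail closed: a missing or future change timestamp cannot be trusted.
    if last_changed is None or last_changed > now:
        return AgingResult(AgingState.EXPIRED, 0,
                           f"Your password must be changed at {RENEWAL_PATH}.")
    remaining = (last_changed + MAX_AGE) - now
    if remaining <= timedelta(0):
        return AgingResult(AgingState.EXPIRED, 0,
                           f"Your password has expired. Set a new one at {RENEWAL_PATH}.")
    days_left = remaining.days
    if remaining <= WARN_WINDOW:
        # Alert before expiry: say why renewal matters and how to do it.
        return AgingResult(
            AgingState.EXPIRING, days_left,
            f"Your password expires in {days_left} day(s). Older passwords are "
            f"more likely to have been compromised; renew at {RENEWAL_PATH}.")
    return AgingResult(AgingState.CURRENT, days_left, "")
```

A caller would block sign-in on `EXPIRED` until the password is changed and display `message` on `EXPIRING`.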


Vulnerability Patterns


How Tos