Not Allowing Password Aging

From Guidance Share
Jump to navigationJump to search


If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.

Applies To

  • Languages: All
  • Operating platforms: All



  • Authentication: As passwords age, the probability that they are compromised grows.


  • Lack of a mechanism for aging and expiring passwords.


  • Design: Ensure that password aging functionality is added to the design of the system, including an alert previous to the time the password is considered obsolete, including useful information for the user concerning the importance of password renewal and the method of renewal.

Vulnerability Patterns

How Tos