Difference between revisions of "Allowing password aging"
m (fixed link to Not_allowing_[for_]password_aging)
Line 54 (before): * [[Not allowing
Line 54 (after): * [[Not allowing password aging]]
Revision as of 08:27, 14 November 2008
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
Last revision (mm/dd/yy): 11/14/2008
Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.
- Authentication: As passwords age, the probability that they are compromised grows.
- Design: Support for password aging mechanisms must be added in the design phase of development.
- Languages: All
- Operating platforms: All
Likelihood of exploit
Just as neglecting to include functionality for the management of password aging is dangerous, so is allowing password aging to continue unchecked. Passwords must be given a maximum life span, after which the user is required to replace the password with a new and different one.
- A common example is not having a system that terminates the accounts of former employees.
- Not having a mechanism that enforces a password change after a defined period.
- Design: Ensure that password aging is limited so that there is a defined maximum age for passwords and so that the user is notified several times leading up to the password expiration.
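The following is an added example, not code from the original page, showing what the design control above looks like in an application: a maximum password age, reminders on several fixed days before expiry, a "new and different" rule when the password is changed, and disabling of accounts that have gone unused (the stale-account case from the examples list). The policy values (90-day maximum age, reminders at 14/7/3/1 days, 60-day inactivity limit, 5-entry password history), the `Account` class and all function names are assumptions constructed for this example; PBKDF2 stands in for whatever password hash the application already uses.

```python
"""Password-aging policy checks (constructed example; policy values are assumptions)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import date, timedelta

MAX_PASSWORD_AGE = timedelta(days=90)   # assumed maximum password lifespan
WARNING_DAYS = (14, 7, 3, 1)            # remind the user on each of these days before expiry
INACTIVE_LIMIT = timedelta(days=60)     # assumed: disable accounts idle this long
HISTORY_DEPTH = 5                       # assumed: new password must differ from the last 5


def day(iso: str) -> date:
    """Small helper so callers can pass dates as 'YYYY-MM-DD' strings."""
    return date.fromisoformat(iso)


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for the application's real password hasher.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    username: str
    salt: bytes
    password_hash: bytes
    password_set_on: date
    last_login: date
    disabled: bool = False
    history: list = field(default_factory=list)   # hashes of previous passwords

    @classmethod
    def create(cls, username: str, password: str, today: date) -> "Account":
        salt = os.urandom(16)
        return cls(username, salt, hash_password(password, salt), today, today)


def password_status(acct: Account, today: date) -> tuple[str, int]:
    """Return (state, days_remaining) where state is 'ok', 'warn' or 'expired'."""
    remaining = (acct.password_set_on + MAX_PASSWORD_AGE - today).days
    if remaining <= 0:
        return "expired", 0
    if remaining <= max(WARNING_DAYS):
        return "warn", remaining
    return "ok", remaining


def should_notify(acct: Account, today: date) -> bool:
    """True on the scheduled reminder days, so the user is warned several times."""
    state, remaining = password_status(acct, today)
    return state == "warn" and remaining in WARNING_DAYS


def login_decision(acct: Account, today: date) -> str:
    """What the login flow must do after the credential check, before issuing a session."""
    if acct.disabled or today - acct.last_login > INACTIVE_LIMIT:
        acct.disabled = True      # stale account: terminate it rather than let it linger
        return "denied_disabled"
    acct.last_login = today
    state, _ = password_status(acct, today)
    if state == "expired":
        return "must_change_password"
    return "allowed_with_warning" if should_notify(acct, today) else "allowed"


def change_password(acct: Account, new_password: str, today: date) -> bool:
    """Enforce 'new and different': reject reuse of the current or recent passwords."""
    candidate = hash_password(new_password, acct.salt)
    for old in [acct.password_hash, *acct.history]:
        if hmac.compare_digest(candidate, old):
            return False
    acct.history = [acct.password_hash, *acct.history][:HISTORY_DEPTH]
    acct.password_hash = candidate
    acct.password_set_on = today
    return True


if __name__ == "__main__":
    acct = Account.create("alice", "correct horse", day("2008-08-01"))
    for d in ("2008-09-15", "2008-10-16", "2008-10-23", "2008-10-30"):
        print(d, password_status(acct, day(d)), login_decision(acct, day(d)))
    print("reuse rejected:", not change_password(acct, "correct horse", day("2008-10-30")))
    print("new password accepted:", change_password(acct, "battery staple", day("2008-10-30")))
```

The expiry check runs on every login rather than only in a nightly job, so an account whose password expired while it was unused is forced through a change before it gets a session. Current guidance (NIST SP 800-63B) discourages forcing periodic changes without evidence of compromise, which is one reason to keep `MAX_PASSWORD_AGE` a configurable policy value rather than a hard-coded constant.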
Related Technical Impacts