Overview
Allowing passwords to age without limit (no defined maximum
lifetime) diminishes password integrity: the longer a password
stays valid, the more opportunity an attacker has to guess,
steal or reuse it.
Consequences
- Authentication: As passwords age, the probability that
they have been compromised grows, and a compromised password
remains usable by the attacker until it is changed.
Exposure period
- Design: Support for password aging mechanisms must
be added in the design phase of development.
Platform
Required resources
Any
Severity
Medium
Avoidance and mitigation
- Design: Limit password aging: define a maximum age for
passwords, require a change once that age is reached, and
notify the user several times in the period leading up to
expiration so that the forced change is not a surprise.
Discussion
Just as neglecting to include functionality for the
management of password aging is dangerous, so is allowing
password aging to continue unchecked. Passwords must be
given a maximum life span, after which the user is required
to replace the password with a new and different one; the
replacement should be checked against the current password
and recent previous passwords so that the change is real.
Note that current guidance such as NIST SP 800-63B advises
against forcing arbitrary periodic changes on their own, so
a maximum age should be paired with resets driven by evidence
of compromise rather than treated as the whole control.
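The following is an added example, not code from the original entry, showing one way to implement the mitigation above: a maximum password age, expiry warnings at several thresholds before the deadline, refusal to authenticate with an expired password, and a history check so the replacement really is a new and different password. The policy values (90 days, warnings at 14/7/3/1 days, 5 remembered passwords), the PBKDF2 iteration count and the record layout are assumptions for illustration.

```python
"""Password aging policy: maximum age, expiry warnings, history check (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # assumption: tune to your hardware budget


@dataclass
class PasswordPolicy:
    max_age: timedelta = timedelta(days=90)   # hypothetical maximum lifetime
    warn_before: tuple = (14, 7, 3, 1)        # days before expiry at which to notify
    history_size: int = 5                     # retired passwords a new one may not match


@dataclass
class PasswordRecord:
    salt: bytes
    digest: bytes
    changed_at: datetime
    history: list = field(default_factory=list)      # (salt, digest) of retired passwords
    warnings_sent: set = field(default_factory=set)  # thresholds already notified


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def _matches(password: str, salt: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(_derive(password, salt), digest)


def create_password(password: str, now: datetime) -> PasswordRecord:
    salt = os.urandom(16)
    return PasswordRecord(salt=salt, digest=_derive(password, salt), changed_at=now)


def age_status(record: PasswordRecord, now: datetime, policy: PasswordPolicy) -> tuple:
    """Return ('ok' | 'expiring' | 'expired', whole days left; negative once past expiry)."""
    expires_at = record.changed_at + policy.max_age
    days_left = (expires_at - now).days   # timedelta.days floors, so it goes negative after expiry
    if now >= expires_at:
        return ("expired", days_left)
    if days_left <= max(policy.warn_before):
        return ("expiring", days_left)
    return ("ok", days_left)


def verify_password(record: PasswordRecord, password: str, now: datetime,
                    policy: PasswordPolicy) -> bool:
    """A correct but expired password no longer authenticates; the user must rotate first."""
    if age_status(record, now, policy)[0] == "expired":
        return False
    return _matches(password, record.salt, record.digest)


def due_warnings(record: PasswordRecord, now: datetime, policy: PasswordPolicy) -> list:
    """Warning thresholds (days before expiry) that are due and have not been sent yet."""
    status, days_left = age_status(record, now, policy)
    if status != "expiring":
        return []
    return [t for t in sorted(policy.warn_before, reverse=True)
            if days_left <= t and t not in record.warnings_sent]


def reuse_reason(record: PasswordRecord, new_password: str):
    """None if the candidate is genuinely new, otherwise why it is rejected."""
    if _matches(new_password, record.salt, record.digest):
        return "new password must differ from the current one"
    for salt, digest in record.history:
        if _matches(new_password, salt, digest):
            return "new password was used recently"
    return None


def rotate_password(record: PasswordRecord, new_password: str, now: datetime,
                    policy: PasswordPolicy) -> PasswordRecord:
    """Replace the password, retiring the old hash into a bounded history."""
    reason = reuse_reason(record, new_password)
    if reason is not None:
        raise ValueError(reason)
    history = ([(record.salt, record.digest)] + record.history)[: policy.history_size]
    salt = os.urandom(16)
    # warnings_sent starts empty again so the next cycle notifies afresh
    return PasswordRecord(salt=salt, digest=_derive(new_password, salt),
                          changed_at=now, history=history)


if __name__ == "__main__":
    policy = PasswordPolicy()
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)       # constructed timeline
    rec = create_password("correct horse battery", t0)
    for day in (30, 80, 85, 90):
        now = t0 + timedelta(days=day)
        print(day, age_status(rec, now, policy), due_warnings(rec, now, policy))
        rec.warnings_sent.update(due_warnings(rec, now, policy))
    rec = rotate_password(rec, "staple hammer", t0 + timedelta(days=90), policy)
    print("old password reusable:", reuse_reason(rec, "correct horse battery") is None)
```

The warning list is returned rather than sent so the caller (a login flow or a daily job) can deliver it by whatever channel it has and record the thresholds in `warnings_sent`; a user who skipped several days receives every threshold they missed in one go.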
Examples
- A common example is having no process to disable the
accounts of departed employees, so their passwords remain
valid indefinitely.
- Having no mechanism that forces passwords to be changed
after a defined period.