Many enterprise security policies enforce “password aging,” i.e., they require that users change their passwords at fixed intervals such as 90 or 180 days. Password aging aims either to reduce the chance that an attacker comes into possession of a working account password, or to limit how long a password that has already been compromised remains useful.
Insufficient Password Aging allows a user to maintain the same password for an extended length of time, increasing the risk of password-based attacks.
To mitigate exposure to attacks that take advantage of Insufficient Password Aging, a password aging mechanism can be introduced that forces users to change their passwords periodically. The purpose of such a policy is to reinforce information security by establishing a strong but reasonable password management practice that follows commonly held security guidelines.
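One way to check for this weakness on a Linux host is to audit the aging fields in `/etc/shadow` against the policy limit. The script below is an added example, not part of the original glossary entry; it assumes the standard shadow file layout, a hypothetical 90-day policy, and runs on constructed sample lines with placeholder hashes.

```python
from datetime import date

# Constructed sample lines in /etc/shadow format (placeholder hashes, not real accounts).
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg is the day of the last password change, counted from 1970-01-01.
SAMPLE_SHADOW = """\
alice:$6$placeholder:19700:0:90:7:::
bob:$6$placeholder:19400:0:99999:7:::
carol:$6$placeholder:19500::::::
erin:$6$placeholder:19790:0:365:7:::
svc-backup:*:19000:0:90:7:::
"""

NO_AGING = 99999  # conventional "never expires" value for the max field


def audit_password_aging(shadow_text, today_days, policy_max_days):
    """Return (account, finding) pairs for accounts that violate the aging policy."""
    findings = []
    for line in shadow_text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) < 5:
            continue  # malformed line; we need at least name:hash:lastchg:min:max
        name, pw_hash, lastchg, _min_days, max_days = fields[:5]
        if pw_hash.startswith(("*", "!")):
            continue  # locked account: no password login, so aging does not apply
        # An empty or 99999 maximum means the password never has to be changed.
        if max_days == "" or int(max_days) >= NO_AGING:
            findings.append((name, "NO_MAX_AGE"))
            effective_limit = policy_max_days
        else:
            if int(max_days) > policy_max_days:
                findings.append((name, "MAX_AGE_OVER_POLICY"))
            effective_limit = min(int(max_days), policy_max_days)
        # Stale password: older than the stricter of the account limit and the policy.
        if lastchg and today_days - int(lastchg) > effective_limit:
            findings.append((name, "PASSWORD_STALE"))
    return findings


if __name__ == "__main__":
    today = (date.today() - date(1970, 1, 1)).days
    for account, finding in audit_password_aging(SAMPLE_SHADOW, today, 90):
        print(f"{account}: {finding}")
```

Run against a real host, read `/etc/shadow` as root and feed its contents in place of the sample; accounts flagged `NO_MAX_AGE` are exactly the Insufficient Password Aging cases the entry describes.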