Return to Glossary

Insufficient Password Aging

Many enterprise security policies enforce “password aging,” i.e., require that users change their passwords at fixed intervals such as 90 or 180 days. It aims to either decrease the chances of an attacker coming into possession of an account password, or to respond to it.

Insufficient Password Aging allows a user to maintain the same password for an e insufficient-password-aging xtended length of time, increasing the risk of password-based attacks.

To mitigate exposure to attacks that take advantage of Insufficient Password Aging, a password aging mechanism can be introduced that forces users to periodically change their passwords. The purpose of this policy is to reinforce information security by establishing a strong but reasonable password management practice that follows commonly held security guidelines.

APPSEC PLATFORM

BY ROLE

BY IMPLEMENTATION

GOVERNMENT

BY NEED

APPSEC PLATFORM

BY ROLE

BY INDUSTRY

GOVERNMENT

BY NEED

Application Security Terminology

Insufficient Password Aging

APPSEC PLATFORM

BY ROLE

BY IMPLEMENTATION

GOVERNMENT

BY NEED

LOGIN

APPSEC PLATFORM

BY ROLE

BY INDUSTRY

GOVERNMENT

BY NEED

Application Security Terminology

Insufficient Password Aging