Application Security Terminology

Glossary

Insufficient Password Aging

Many enterprise security policies enforce “password aging,” i.e., require that users change their passwords at fixed intervals such as 90 or 180 days. Insufficient Password Aging allows a user to maintain the same password for an extended length of time, increasing the risk of password-based attacks.

To mitigate exposure to attacks that take advantage of Insufficient Password Aging, a password aging mechanism can be introduced that forces users to periodically change their passwords. The purpose of such a policy is to reinforce information security by establishing a strong but reasonable password management practice that follows commonly held security guidelines.
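One way to check whether such an aging mechanism is actually in force, as an added example that is not part of the original glossary: an audit over account records in the Linux shadow(5) layout, flagging accounts whose maximum password age is missing or longer than the policy interval. The shadow layout, the 90-day value chosen from the intervals mentioned above, the `audit` function name and the sample records are assumptions made for this illustration.

```python
from datetime import date

MAX_AGE_DAYS = 90  # assumed policy interval; the entry cites 90 or 180 days

# Constructed sample records in shadow(5) layout:
# name:hash:last_change:min:max:warn:inactive:expire:reserved
SAMPLE = """\
alice:$6$x$y:19800:0:90:7:::
bob:$6$x$y:18000:0:99999:7:::
carol:$6$x$y:19000:0:90:7:::
dave:$6$x$y::0:::::
erin:$6$x$y:0:0:90:7:::
svc:!:19000:0:99999:7:::
"""

def audit(text, today, max_age=MAX_AGE_DAYS):
    """Return {account: finding} for every shadow-format record."""
    # shadow(5) stores the last password change as days since 1970-01-01.
    today_days = (today - date(1970, 1, 1)).days
    findings = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) < 5:
            continue  # malformed record, nothing to evaluate
        name, pw, last, limit = f[0], f[1], f[2], f[4]
        if pw.startswith(("!", "*")):
            findings[name] = "locked"  # password login not possible
        elif last == "":
            findings[name] = "aging-disabled"  # empty field turns aging off
        elif last == "0":
            findings[name] = "change-at-next-login"
        elif limit == "" or int(limit) > max_age:
            # No maximum age, or one longer than policy: the password
            # can be kept well past the required interval.
            findings[name] = "no-effective-max-age"
        elif today_days - int(last) > int(limit):
            findings[name] = "expired"  # a change is due
        else:
            findings[name] = "ok"
    return findings

if __name__ == "__main__":
    for account, finding in audit(SAMPLE, date(2024, 6, 1)).items():
        print(f"{account:6} {finding}")
```

The `aging-disabled` and `no-effective-max-age` findings are the ones that correspond to Insufficient Password Aging; `expired` means the mechanism is working and a change is due.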