Description
If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.
Security experts have often recommended that users change their passwords regularly and avoid reusing passwords. Although this can be an effective mitigation, if the expiration window is too short, it can cause users to generate poor or predictable passwords. As such, it is important to discourage creating similar passwords. It is also useful to have a password aging mechanism that notifies users when passwords are considered old and requests that they replace them with new, strong passwords. Companion documentation which stresses how important this practice is can help users understand and better support this approach.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit: Low
Related Weaknesses
CWE-287
CWE-404
CWE-309
CWE-263
CWE-324
Consequences
Access Control: Gain Privileges or Assume Identity
As passwords age, the probability that they are compromised grows.
Potential Mitigations
Phase: Architecture and Design
Description:
As part of a product’s design, require users to change their passwords regularly and avoid reusing previous passwords.