Young hacker smiling

We hack your software

zero false positives

Expert intelligence + specialized technology

REQ.131 Deny multiple password changing attempts

This document contains the details of the security requirements related to the definition and management of access credentials in the organization. This requirement establishes the importance of managing password change mechanisms to avoid multiple password changes in less than 24 hours.


Passwords are not allowed to be changed more than once in the same day.


  1. OWASP-ASVS v3.1-2.8 Verify all identity functions (e.g. forgot password, change password, change email, manage 2FA token, etc.) have the security controls, as the primary authentication mechanism (e.g. login form).

Service status - Terms of Use