REQ.136 Force temporary passwords changing

This document contains the details of the security requirements related to the definition and management of access credentials in the organization. This requirement establishes the importance of defining mechanisms that force users to change temporary passwords after their first use.

Requirement

The system must force the change of automatically generated temporary passwords after their first use.
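One way to enforce this requirement at the authentication layer, as an added example that is not part of the original page: a login with a temporary password only yields a "change required" state, and full access is granted after a different password has been set. The `AccountStore` class, its method names and the three login states are hypothetical, and the account data is constructed in memory.

```python
import hashlib
import hmac
import os
import secrets

def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 work factor is an example value; tune it for production.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccountStore:
    """In-memory account store (constructed for this example)."""

    def __init__(self):
        self._accounts = {}

    def _set(self, user: str, password: str, must_change: bool) -> None:
        salt = os.urandom(16)
        self._accounts[user] = {"salt": salt, "hash": _hash(password, salt),
                                "must_change": must_change}

    def issue_temporary_password(self, user: str) -> str:
        # Automatically generated credential, flagged for mandatory change.
        temp = secrets.token_urlsafe(12)
        self._set(user, temp, must_change=True)
        return temp

    def _verify(self, user: str, password: str) -> bool:
        acct = self._accounts.get(user)
        if acct is None:
            return False
        return hmac.compare_digest(acct["hash"], _hash(password, acct["salt"]))

    def login(self, user: str, password: str) -> str:
        """Return 'denied', 'change_required' or 'full'."""
        if not self._verify(user, password):
            return "denied"
        # A temporary password never grants a full session.
        return "change_required" if self._accounts[user]["must_change"] else "full"

    def change_password(self, user: str, current: str, new: str) -> bool:
        if not self._verify(user, current):
            return False
        if current == new:
            return False  # keeping the temporary password is not a change
        self._set(user, new, must_change=False)  # old hash is overwritten
        return True
```

In a real application the "change_required" state would map to a session that can reach only the password-change endpoint.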

References

  1. OWASP-ASVS v3.1-2.17 Verify that the forgotten password function and other recovery paths do not reveal the current password and that the new password is not sent in clear text to the user. A one time password reset link should be used instead.