
R130. Limit password lifespan

This document details the security requirements related to credentials for access to the organization's sensitive information. This requirement recommends that the system not allow passwords to have a lifespan of more than 30 days.

Requirement

Passwords must be valid for a maximum of 30 days.

References

  1. CWE-263: Password Aging with Long Expiration. Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.

