REQ.131 Deny multiple password changing attempts

This document contains the details of the security requirements related to the definition and management of access credentials in the organization. This requirement establishes the importance of managing password change mechanisms to avoid multiple password changes in less than 24 hours.


Passwords are not allowed to be changed more than once in the same day.
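
One way to enforce this requirement in a password-change handler, shown as an added example that is not Fluid Attacks' code. It reads the requirement as a rolling 24-hour window (which also covers "the same day") and records refused attempts; `Account`, `change_password` and `PasswordChangeDenied` are hypothetical names, and the in-memory record stands in for a real credential store.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Assumption: "once per day" is enforced as a rolling 24-hour minimum age.
MIN_PASSWORD_AGE = timedelta(hours=24)


class PasswordChangeDenied(Exception):
    """Raised when a change is attempted before the minimum age has elapsed."""


@dataclass
class Account:  # hypothetical record; a real system would persist these fields
    username: str
    password_hash: str
    password_changed_at: Optional[datetime] = None  # None: no change recorded yet
    denied_changes: List[datetime] = field(default_factory=list)  # refused attempts


def change_password(account: Account, new_hash: str,
                    now: Optional[datetime] = None) -> datetime:
    """Apply the change only if the previous one is at least 24 hours old.

    Returns the earliest time at which the next change will be accepted.
    """
    now = now or datetime.now(timezone.utc)
    last = account.password_changed_at
    if last is not None:
        # A negative difference (clock moved backwards) is also below the
        # threshold, so the check fails closed.
        if now - last < MIN_PASSWORD_AGE:
            account.denied_changes.append(now)  # keep for audit and alerting
            retry_at = last + MIN_PASSWORD_AGE
            raise PasswordChangeDenied(
                f"next change allowed at {retry_at.isoformat()}")
    account.password_hash = new_hash
    account.password_changed_at = now
    return now + MIN_PASSWORD_AGE
```

The timestamp is stored server-side with the credential, so the limit applies to every path that sets a password for the account rather than to a single form or session.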


  1. OWASP-ASVS v3.1-2.8 Verify all identity functions (e.g. forgot password, change password, change email, manage 2FA token, etc.) have the security controls, as the primary authentication mechanism (e.g. login form).
