REQ.136 Force temporary passwords changing

This document contains the details of the security requirements related to the definition and management of access credentials in the organization. This requirement establishes the importance of defining mechanisms that force users to change temporary passwords after their first use.


The system must force the change of automatically generated temporary passwords after their first use.
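One way an application can enforce this requirement, shown as an added example that is not part of the original requirement text. The class and method names (Accounts, issue_temporary_password, login, change_password) and the in-memory store are assumptions made for illustration: a login with a temporary password only ever yields a "change_required" state, and the temporary password stops working once it has been replaced.

```python
import hashlib
import hmac
import secrets


def _digest(password: str, salt: bytes) -> bytes:
    # Salted, slow hash; the iteration count is an illustrative value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Accounts:
    """Hypothetical in-memory credential store with a must-change flag."""

    def __init__(self):
        self._users = {}  # username -> {"salt", "digest", "must_change"}

    def _store(self, user, password, must_change):
        salt = secrets.token_bytes(16)
        self._users[user] = {"salt": salt, "digest": _digest(password, salt),
                             "must_change": must_change}

    def _matches(self, user, password):
        rec = self._users.get(user)
        return rec is not None and hmac.compare_digest(
            rec["digest"], _digest(password, rec["salt"]))

    def issue_temporary_password(self, user):
        # Automatically generated credential: always flagged for change.
        temp = secrets.token_urlsafe(12)
        self._store(user, temp, must_change=True)
        return temp

    def login(self, user, password):
        """Return 'denied', 'change_required' or 'ok'."""
        if not self._matches(user, password):
            return "denied"
        # No normal session is granted while the flag is set; the caller
        # may only route the user to the password-change step.
        return "change_required" if self._users[user]["must_change"] else "ok"

    def change_password(self, user, current, new):
        if not self._matches(user, current):
            return False
        if hmac.compare_digest(current.encode(), new.encode()):
            return False  # keeping the temporary password is not a change
        self._store(user, new, must_change=False)  # overwrites the old digest
        return True
```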


  1. OWASP-ASVS v3.1-2.17: Verify that the forgotten password function and other recovery paths do not reveal the current password and that the new password is not sent in clear text to the user. A one time password reset link should be used instead.

  2. OWASP Application Security Requirements: Upon initial or first instance of requesting the application the user should be forced to select their password.

