Authentication

Password policy without password expiration period

Risk Level

Informational (4)

Platform(s)

Description

It was found that password policy does not have password expiration period. By not rotating passwords, you increase the chances of user hijacking.
  • Recommended Mitigation

    It is recommended to set password expiration period in the password policy.