Password Rotation
Definition
Password rotation is a security policy that mandates the periodic change of user account passwords to mitigate the risk of unauthorized access due to compromised credentials.
How it works
Users may be required to change their passwords on a regular schedule. Management servers that enforce enterprise account-management policies can change or reset account passwords centrally.
Considerations
Requiring users to change their passwords frequently can lead them to adopt insecure password practices. The latest update of NIST SP 800-63B, Digital Identity Guidelines, recommends requiring a password reset only when a known compromise has occurred, or every 365 days, rather than every 60 or 90 days.
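The two policies contrasted above, as an added example (not part of the original article): a small evaluator that a management server could run over account records to decide which accounts must reset, with the legacy 90-day rule beside the compromise-triggered, 365-day rule. Account names, dates and the compromise flag are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed sample records; names and dates are made up for illustration.
@dataclass
class Account:
    name: str
    password_set: Optional[datetime]   # None = never set / unknown
    known_compromise: bool = False     # e.g. credential seen in a breach notification

@dataclass
class RotationPolicy:
    max_age_days: Optional[int]        # None = no time-based expiry
    reset_on_compromise: bool = True

# Legacy 90-day expiry versus the policy the article describes:
# reset on known compromise, otherwise at most every 365 days.
LEGACY_90_DAY = RotationPolicy(max_age_days=90)
NIST_STYLE = RotationPolicy(max_age_days=365)

def rotation_reason(account, policy, now):
    """Return why the account must rotate its password now, or None if it need not."""
    if policy.reset_on_compromise and account.known_compromise:
        return "known compromise"          # compromise always wins over age
    if account.password_set is None:
        return "password age unknown"      # cannot prove it is within policy
    if policy.max_age_days is not None:
        age = now - account.password_set
        if age >= timedelta(days=policy.max_age_days):
            return f"age {age.days}d exceeds {policy.max_age_days}d"
    return None

def accounts_to_reset(accounts, policy, now):
    """Map of account name -> reason for every account the server should force to reset."""
    return {a.name: r for a in accounts if (r := rotation_reason(a, policy, now))}

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    Account("alice", NOW - timedelta(days=30)),
    Account("bob", NOW - timedelta(days=120)),
    Account("carol", NOW - timedelta(days=400)),
    Account("dave", NOW - timedelta(days=10), known_compromise=True),
    Account("erin", None),
]

if __name__ == "__main__":
    for label, policy in (("90-day", LEGACY_90_DAY), ("NIST-style", NIST_STYLE)):
        print(label, accounts_to_reset(SAMPLE, policy, NOW))
```

Under the 365-day policy only the compromised, stale, and unknown-age accounts are forced to reset; the 90-day policy additionally churns bob, whose password is only 120 days old.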
Technique Subclasses
There are 2 techniques in this category, Password Rotation.
| Name | ID | Definition | Synonyms |
|---|---|---|---|
| Password Rotation | D3-PR | Password rotation is a security policy that mandates the periodic change of user account passwords to mitigate the risk of unauthorized access due to compromised credentials. | |
| - One-time Password | D3-OTP | A one-time password is valid for only one user authentication. | OTP |