2.6 Ensure 'password_lifetime' is Less Than or Equal to '365'

Information

Password expiration provides users with a unique time bounded password lifetime.

Rationale:

Allows additional security factors pertinent to a specific user to provide further password security; predetermined by varying security needs and usability requirements in a system or organization.

Solution

To configure the global password lifetime to 365 by executing the following command:

SET GLOBAL default_password_lifetime=365;

Alternatively, configure the password lifetime for each user returned by the audit procedure by executing the following command:

ALTER USER '<username>'@'<localhost>' PASSWORD EXPIRE INTERVAL 365 DAY;

Default Value:

0

See Also

https://workbench.cisecurity.org/benchmarks/16527

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(d)

Plugin: MySQLDB

Control ID: 6ad8a2ce0927eb754e4312ae5d3ce0402c2803a353f98fc4b0df1d1822db9ed3