2.6 Ensure 'password_lifetime' is Less Than or Equal to '365'

Information

Ensure 'password_lifetime' is Less Than or Equal to '365'

Rationale:

Allows additional security factors pertinent to a specific user to provide further password security; predetermined by varying security needs and usability requirements in a system or organization.

Solution

To configure the global password lifetime to 365 by executing the following command:

set global default_password_lifetime = 365;

Alternatively, configure the password lifetime for each user returned by the audit procedure by executing the following command:

ALTER USER '<username>'@'<localhost>' PASSWORD EXPIRE INTERVAL 365 DAY;

Default Value:

NULL

See Also

https://workbench.cisecurity.org/files/3844

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(d)

Plugin: MySQLDB

Control ID: 5ffe617c90e49f7b4321ba5d4d15845067be97ffc0f77d68745c9b256f6fde90