2.6 Ensure 'password_lifetime' is Less Than or Equal to '365'

Information

Ensure 'password_lifetime' is Less Than or Equal to '365'

Rationale:

Allows additional security factors pertinent to a specific user to provide further password security; predetermined by varying security needs and usability requirements in a system or organization.

Solution

Configure the global password lifetime to 365 by executing the following command:

set global default_password_lifetime = 365;

Alternatively, configure the password lifetime for each user returned by the audit procedure by executing the following command:

ALTER USER '<username>'@'<localhost>' PASSWORD EXPIRE INTERVAL 365 DAY;
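
The audit procedure mentioned above is not reproduced on this page. The following is an added example, not the benchmark's own query, showing one way to list each account's effective password lifetime. It assumes a MySQL version whose mysql.user table has a password_lifetime column, and it treats a value of 0 (expiry disabled) as a failure, which is a choice made for this example.

```sql
-- Added audit example; not taken from the benchmark.
-- Assumption: mysql.user exposes a password_lifetime column and the
-- connected account is allowed to read mysql.user.

-- 1. Global default, in days. 0 means passwords never expire automatically.
SELECT @@GLOBAL.default_password_lifetime AS global_lifetime_days;

-- 2. Effective lifetime per account.
--    password_lifetime IS NULL -> account inherits the global default
--    password_lifetime = 0     -> PASSWORD EXPIRE NEVER
--    password_lifetime = N     -> PASSWORD EXPIRE INTERVAL N DAY
SELECT
    user,
    host,
    password_lifetime AS account_lifetime_days,
    COALESCE(password_lifetime, @@GLOBAL.default_password_lifetime)
        AS effective_lifetime_days,
    CASE
        -- Treating 0 as a failure is this example's choice (see lead-in).
        WHEN COALESCE(password_lifetime, @@GLOBAL.default_password_lifetime) = 0
            THEN 'FAIL: password never expires'
        WHEN COALESCE(password_lifetime, @@GLOBAL.default_password_lifetime) > 365
            THEN 'FAIL: lifetime exceeds 365 days'
        ELSE 'PASS'
    END AS result
FROM mysql.user
ORDER BY result, user, host;
```

Rows marked FAIL with a NULL account_lifetime_days are corrected by the global setting; rows with a non-NULL value need the per-user ALTER USER statement, because an account-level value overrides the global default.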

Default Value:

NULL

See Also

https://workbench.cisecurity.org/files/3855

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(d)

Plugin: MySQLDB

Control ID: 27d3cabc77d1534533a5a82a4455f9dcba3c148d6ef6442a8534c05b7d43fa49