2.7 Ensure 'password_lifetime' is Less Than or Equal to '365'

Information

Password expiration provides users with a unique time bounded password lifetime.

Rationale:

Allows additional security factors pertinent to a specific user to provide further password security; predetermined by varying security needs and usability requirements in a system or organization.

Solution

To configure the global password lifetime to 365 by executing the following command:

set persist default_password_lifetime = 365;

Alternatively, configure the password lifetime for each user returned by the audit procedure by executing the following command:

ALTER USER '<username>'@'<localhost>' PASSWORD EXPIRE INTERVAL 365 DAY;

Default Value:

NULL

See Also

https://workbench.cisecurity.org/benchmarks/15112

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(d)

Plugin: MySQLDB

Control ID: 47ef21858e1d89498994b81570a2301db3e9012dd3b64a8d4d42177039d77eb2