Information
Password expiry provides passwords with a time bounded lifetime.
Rationale:
The default_password_lifetime global variable prevents a password being set for an indefinite period. Excessive password expiration requirements do more harm than good, because these requirements make users select predictable passwords, composed of sequential words and numbers that are closely related to each other. More importantly, when events occur that could compromise password security account passwords should be expired immediately.
Impact:
Scripted clients or users dependent on automated login in a controlled environment will need to consider their authentication procedures. The server will accept the user but the user is placed in restricted mode. In restricted mode, operations performed within the session result in an error until the user establishes a new account password.
Solution
To remediate this recommendation, execute the following command:
SET GLOBAL default_password_lifetime=365;
Default Value:
360