2.7 Ensure 'password_lifetime' is Less Than or Equal to '365'

Information

Password expiration provides users with a unique time bounded password lifetime.

Rationale:

Allows additional security factors pertinent to a specific user to provide further password security; predetermined by varying security needs and usability requirements in a system or organization.

Solution

To configure the global password lifetime to 365 by executing the following command:

set persist default_password_lifetime = 365;

Alternatively, configure the password lifetime for each user returned by the audit procedure by executing the following command:

ALTER USER '<username>'@'<localhost>' PASSWORD EXPIRE INTERVAL 365 DAY;

Default Value:

NULL

See Also

https://workbench.cisecurity.org/benchmarks/10139

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(d)

Plugin: MySQLDB

Control ID: 4ac6c60df078737c589164a16764485dc3cc2996688ccb9fad41d72ea92dbb28