3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The PASSWORD_LIFE_TIME setting determines how long a password may be used before the user is required to be change it. The suggested value for this is 90 days or less.

Rationale:

Allowing passwords to remain unchanged for long periods makes the success of brute-force login attacks more likely.

Solution

Remediate this setting by executing the following SQL statement for each PROFILE returned by the audit procedure.

ALTER PROFILE <profile_name> LIMIT PASSWORD_LIFE_TIME 90;

See Also

https://workbench.cisecurity.org/files/4252