3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'

Information

The PASSWORD_LIFE_TIME setting determines how long a password may be used before the user is required to change it. The suggested value for this is 90 days or less.

Allowing passwords to remain unchanged for long periods makes the success of brute-force login attacks more likely.

Solution

Remediate this setting by executing the following SQL statement for each PROFILE returned by the audit procedure.

ALTER PROFILE <profile_name> LIMIT PASSWORD_LIFE_TIME 90;
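
The audit procedure itself is not reproduced on this page. As an added example (not part of the benchmark text), the query below is one way to list the profiles that need the statement above. It assumes an Oracle database and read access to the DBA_PROFILES data dictionary view; the CTE names and column aliases are illustrative.

```sql
-- Added example: find profiles whose effective PASSWORD_LIFE_TIME is above 90 days
-- and emit the matching remediation statement for each one.
-- Assumption: Oracle Database, SELECT privilege on DBA_PROFILES.
WITH plt AS (
    SELECT profile, limit
    FROM   dba_profiles
    WHERE  resource_name = 'PASSWORD_LIFE_TIME'
),
resolved AS (
    -- A limit of DEFAULT means the profile inherits the value set on the
    -- profile named DEFAULT, so resolve it before comparing.
    SELECT p.profile,
           p.limit AS configured_limit,
           CASE WHEN p.limit = 'DEFAULT' THEN d.limit ELSE p.limit END
               AS effective_limit
    FROM   plt p
    LEFT JOIN plt d ON d.profile = 'DEFAULT'
)
SELECT profile,
       configured_limit,
       effective_limit,
       'ALTER PROFILE "' || profile || '" LIMIT PASSWORD_LIFE_TIME 90;'
           AS remediation
FROM   resolved
WHERE  effective_limit = 'UNLIMITED'
   OR  CASE
           -- LIMIT is a VARCHAR2 column; convert only numeric strings so that
           -- keyword values never reach TO_NUMBER. A fractional limit is
           -- assumed to use '.' as the decimal separator.
           WHEN REGEXP_LIKE(effective_limit, '^[0-9]+(\.[0-9]+)?$')
           THEN TO_NUMBER(effective_limit)
       END > 90
ORDER  BY profile;
```

An empty result means every profile already resolves to 90 days or less. If only the DEFAULT profile is out of range, altering it also corrects every profile that inherits from it.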

See Also

https://workbench.cisecurity.org/benchmarks/11760