1.2 - Strong Password policy should be implemented - Minimum Password Age

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Strong Password policy should be implemented to protect user access.

Application default passwords are widely known and typically initial targets for attacks. The risk that unauthorized access will be obtained is increased if these passwords are not changed.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

1. Login to the Administration Console.
2. In the Change Centre, click Lock & Edit.
3. In the left pane, select the Domain name.
4. Select Security Realms > Name of the active Security Realm.
5. Select Providers > Password Validation.
6. Select the name of the Password composition checks entry.
7. Select the Provider Specific tab.
8. Enter the suggested password settings
9. Save and confirm the change