Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.
Just as neglecting to include functionality for the management of password aging is dangerous, so is allowing password aging to continue unchecked. Passwords must be given a maximum life span, after which a user is required to update with a new and different password.
Time of Introduction
Architecture and Design
Technical Impact: Gain privileges / assume
As passwords age, the probability that they are compromised
Likelihood of Exploit
A common example is not having a system to terminate old employee
Not having a system for enforcing the changing of passwords every
Phase: Architecture and Design
Ensure that password aging is limited so that there is a defined
maximum age for passwords and so that the user is notified several times
leading up to the password expiration.