Password Policy Expiration too weak - Non-expiring passwords
Impact area
Security
Severity
Medium
Affected element
Profile
Rule ID
SF-0108
Impact
Weak password expiration policies can open you up to brute force and dictionary attacks. Non-expiring passwords are unsafe.
Remediation
Modify the password expiration time to ninety days or less.
Time to fix
30 min
References
This rule is linked to Common Weakness Enumeration CWE-521 Weak Password Requirements.