Password Policy: Password question requirement set to None
Impact area
Security
Severity
Medium
Affected element
Profile
Rule ID
SF-0114
Impact
Setting the password hint answer requirement to None allows the user to use the password itself as the answer to this question.
Remediation
Use the setting DoesNotContainPassword.
Time to fix
30 min
References
This rule is linked to Common Weakness Enumeration CWE-521 Weak Password Requirements.