TIER Password Security

Overview

Change passwords on a regular basis to limit an account's exposure to misuse.

Details

Every time you enter your password, it is at risk of compromise: by someone looking over your shoulder, through interception as it travels across the network, and so on. The more your password is used, the more opportunities there are for it to be disclosed inadvertently. There are also important administrative reasons why forced expiration of passwords is desirable, as described in the following list.

  • To enforce compliance with other new password controls. (For example, when your organization requires all passwords to contain at least one number, capital letter, or special character, expiring the passwords allows the change to be brought in across the entire organization within a fixed time frame.)
  • To help identify inactive accounts.
  • To help identify overactive accounts. (Resetting a password may uncover misuse; it may also identify legitimate but undocumented situations where an account is simultaneously being used by more than one person.)

In light of the above considerations, forced expiration of passwords is considered good practice, and policies supporting such action are widely recommended.
You can also refer to the "Require User to Change Password" knowledge base article for help with changing passwords.
