Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
To meet password policy requirements, passwords need to be changed at specific policy-based intervals. However, if the application server allows the user to reuse their password when that password has exceeded its defined lifetime, the end result is a defacto reuse of an existing password.
App servers have the capability to utilize LDAP, certificates (tokens), or user IDs and passwords in order to authenticate. When the AS utilizes user IDs and passwords, the AS must prohibit the reuse of the user's password for the organization defined number of password changes.
|