4
edits
Changes
→Password Rotation
===Password Rotation===
Password rotations have proven to be a little tricky and this should only be used if there is lack of monitoring with-in within the applications and there is a mitigating reason to use rotations. Reasons being short password, or lack of password controls.
* Privileged accounts - Password for privileged accounts should be rotated every: 90 to 120 days.
* General User Account - It is also recommended to implement password rotations for general users if possible.