ASVS Requirement 6.4.1

• Level: 1
• Chapter: V6 Authentication
• Section: V6.4 Authentication Factor Lifecycle and Recovery
• Source: 0x15-V6-Authentication.md

Description

Verify that system generated initial passwords or activation codes are securely randomly generated, follow the existing password policy, and expire after a short period of time or after they are initially used. These initial secrets must not be permitted to become the long term password.