I saw a couple of posts about this, but I did not see the final answer necessarily. Therefore, I thought that I would try to repeat this issue in a new context (Ministry of Defense).
According to DISA "Security and Application Development STIG, V3R2", section 3.1.24.2 Complexity and maintenance of passwords, DoD enterprise software has fairly strict password management:
Passwords must be at least 15 characters long.
Passwords must contain a combination of uppercase letters, lowercase letters, numbers and special characters.
When changing the password, users should not be able to use personal information such as names, phone numbers, account names or dictionary words.
Passwords should expire after 60 days.
Users cannot reuse any of their previous 10 passwords.
Make sure that the application has the ability to require that the new account passwords differ from the previous password by at least four characters when changing the password.
Users cannot change passwords more than once a day, except in the case of an administrator or privileged user. Privileged users may need to reset users' forgotten passwords and may need the ability to change passwords more than once a day.
NullUserException, X ( , [ bullet 6]), , ( , , NSA). , , , , , Dan Vinton, .
, : - , , , ?
: APP3320.7 ( 6) : ", , , ". , , , . -. , , ?
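The rules listed in the question, checked at password-change time, as an added example that is not part of the original post or of the STIG. It assumes the change form asks for the current password (already verified against its stored hash), so the "differ by at least four characters" rule can be measured by edit distance without storing plaintext. That reading of the rule, the PBKDF2 parameters and all function names are assumptions, and the personal-information and dictionary-word rule is not covered.

```python
import hashlib, hmac, os, string
from datetime import timedelta

MIN_LEN, MIN_DIFF, HISTORY = 15, 4, 10
MIN_AGE, MAX_AGE = timedelta(days=1), timedelta(days=60)
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)

def hash_pw(password, salt=None):
    """Salted PBKDF2 record (salt, digest); only these are stored as history."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_change(new, current, history, last_changed, now, privileged=False):
    """Return the list of violated rules; an empty list means acceptable.

    current: plaintext of the current password, as typed on the change form
             (assumption: the caller has verified it against the stored hash).
    history: list of (salt, digest) records, oldest first.
    """
    errors = []
    if len(new) < MIN_LEN:
        errors.append("length")
    if not all(any(c in cls for c in new) for cls in CLASSES):
        errors.append("complexity")
    if edit_distance(new, current) < MIN_DIFF:
        errors.append("too_similar")
    # Reuse check: re-hash the candidate under each stored salt.
    if any(hmac.compare_digest(hash_pw(new, salt)[1], digest)
           for salt, digest in history[-HISTORY:]):
        errors.append("reused")
    # Once-a-day limit; administrators and privileged users are exempt.
    if not privileged and now - last_changed < MIN_AGE:
        errors.append("changed_too_recently")
    return errors

def is_expired(last_changed, now):
    """True once the password has reached the 60-day maximum age."""
    return now - last_changed >= MAX_AGE
```

The similarity rule can only be checked against the password supplied on the change form; older passwords exist only as salted hashes, so for them the check is exact reuse.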