How often must passwords be changed?


Multiple Choice

How often must passwords be changed?

Explanation:
Regular rotation of passwords limits how long a stolen credential can be used. PCI DSS sets a maximum password age of 90 days, so you must require changes at least every 90 days. This proactive practice helps reduce the risk from compromised credentials. If a compromise is suspected, an immediate change is required regardless of the schedule. Changing only if compromised leaves a window for misuse; 360 days is too long and weak; and the idea that non-consumer passwords aren’t required to change contradicts PCI DSS requirements for access to cardholder data. Therefore, the best practice is to enforce changes at least every 90 days.

