How to track the number of users with passwords that never expire

Tracking the number of users with passwords that never expire

Very few (if any) accounts should have passwords that never expire. A non-expiring password allows attackers the greatest opportunity to maintain access indefinitely if they are undetected by other means. If an account requires a static password make sure it is extremely long, complex and random to help protect from brute-force attacks.

From the list on the left, find “No. of users with passwords that never expire,” click on it to highlight the selection, and click the “>” arrow to move it to the selection field (Optional: select the color of the chart using the drop-down menu).

Tips for interpreting this report

When enforcement of a regular password change policy starts this graph should have a downward slope from left to right.  Once the policy is in place the line should remain at a constant low level.  Little if any growth is expected.  If there are minor increases, proper documentation should be accompanied the account without a password expiration so it is monitored more closely for abuse, or misuse.  Spikes or steady growth indicate a breakdown in following the password expiration policy which should be addressed administratively.

Return to the index to learn more.

Want to run this report on your network for free?

Request a Demo