1. Field of the Invention
The present application relates generally to improved security in a data processing system and in particular to a computer implemented method, data processing system and computer program product for password expiration based on vulnerability detection.
2. Description of the Related Art
A common best practice of security and password administration is to cause user passwords to expire, forcing users to change their passwords periodically. Not only do users cycle their password changes, they commonly change all of their passwords to be the same. For example, within a company, users may be required to use a common tool or utility which specifically facilitates multiple password changes with a “change all passwords” feature.
The practice of changing multiple passwords to be the same exposes a vulnerability, in that when one password is compromised, all of the user's passwords are compromised. Intruders leverage this vulnerability when they discover a password, for example, by a keyboard logger or network packet snooping. The intruders then reuse the discovered password on all of the user's accounts and other systems. This technique allows the intruders to break into the weakest of systems and quickly escalate their penetration into the most secure of systems.