2.3.1 Secure initial passwords or activation codesΒΆ

Verify system generated initial passwords or activation codes SHOULD be securely randomly generated, SHOULD be at least 6 characters long, and MAY contain letters and numbers, and expire after a short period of time. These initial secrets must not be permitted to become the long term password.

Level 1 X
Level 2 X
Level 3 X
CWE NIST
330 5.1.1.2 / A.3