A common safeguard against weak passwords is to check them against a list of known weak or popular choices (e.g., "P@ssw0rd"). However, if this setting is disabled, users may select these vulnerable passwords, increasing the risk of unauthorized access to accounts and sensitive data.
Tenable Identity Exposure analyzes all password policies, as this particular setting is mandatory, unlike other password policy settings, which may be left undefined.
Tenable Identity Exposure analyzes disabled password policies only when the corresponding IOE parameter is also disabled.
You must enable the "Restrict use of common passwords" setting in the reported password policy.
Okta recommends enabling this setting to prevent the use of common passwords. Tenable advises evaluating this setting in the context of your organization’s risk tolerance, applicable industry standards, and regulatory requirements specific to your sector and region. It's also important to consider the impact on end-user experience, as enabling this feature restricts users from selecting familiar or commonly used passwords.
Refer to Okta's official documentation for guidance on how to correctly configure the reported password policy.
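As an added illustration of the check described above (not Tenable's or Okta's own code), the following audit script walks a set of password policies and reports those that do not restrict common passwords, skipping inactive policies unless asked to include them. The policy JSON is a constructed sample; its shape (`settings.password.complexity.dictionary.common.exclude`) is assumed to follow Okta's Policy API.

```python
"""Audit Okta password policies for the "Restrict use of common passwords" setting.

The sample data below is constructed; the JSON shape mirrors Okta's Policy API
(settings.password.complexity.dictionary.common.exclude) and is an assumption.
"""
from typing import Any

# Constructed sample of what GET /api/v1/policies?type=PASSWORD might return (assumed shape).
SAMPLE_POLICIES: list[dict[str, Any]] = [
    {"name": "Default Policy", "status": "ACTIVE",
     "settings": {"password": {"complexity": {"minLength": 8,
                  "dictionary": {"common": {"exclude": True}}}}}},
    {"name": "Contractors", "status": "ACTIVE",
     "settings": {"password": {"complexity": {"minLength": 12,
                  "dictionary": {"common": {"exclude": False}}}}}},
    {"name": "Legacy", "status": "INACTIVE",
     "settings": {"password": {"complexity": {"minLength": 8,
                  "dictionary": {"common": {"exclude": False}}}}}},
    {"name": "Broken", "status": "ACTIVE",
     "settings": {"password": {"complexity": {"minLength": 8}}}},
]


def common_passwords_restricted(policy: dict[str, Any]) -> bool:
    """True only when the setting is explicitly enabled.

    A missing value is treated as disabled (conservative choice): the setting is
    mandatory, so its absence means the policy object is malformed, not safe.
    """
    complexity = policy.get("settings", {}).get("password", {}).get("complexity", {})
    return bool(complexity.get("dictionary", {}).get("common", {}).get("exclude", False))


def audit_password_policies(policies: list[dict[str, Any]],
                            include_inactive: bool = False) -> list[str]:
    """Return the names of policies that do not restrict common passwords.

    Inactive policies are reported only when include_inactive is True, mirroring
    the behaviour of analysing disabled policies only when the IOE parameter allows it.
    """
    flagged: list[str] = []
    for policy in policies:
        if policy.get("status") != "ACTIVE" and not include_inactive:
            continue
        if not common_passwords_restricted(policy):
            flagged.append(policy["name"])
    return flagged


if __name__ == "__main__":
    for name in audit_password_policies(SAMPLE_POLICIES):
        print(f"{name}: enable 'Restrict use of common passwords'")
```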
Name: Weak Password Policy - Common Passwords
Codename: WEAK-PASSWORD-POLICY-COMMON-PASSWORDS-OKTA
Severity: High
Type: Okta Indicator of Exposure