Credentials, in the form of memorised secrets, are not reused by users across different systems.
Topic
Setting credentials for user accounts
Applicable to
all
History
Dec 2022
Credentials, in the form of memorised secrets, are not reused by users across different systems.
The existing control relating to passphrases not being reused for single-factor authentication across different systems was expanded to cover all memorised secrets, including when used as part of multi-factor authentication.
Mar 2022
Passphrases are not reused for single-factor authentication across different systems.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
Aug 2020
Passphrases used for single-factor authentication can not be used to authenticate to multiple different systems.
Security control 1596 was introduced to prevent the sharing of passwords/passphrases used for single-factor authentication across different systems.