Temp passwords must be changed at first login.
What it actually means
When you issue a temporary password (new hire, reset), the system must force the user to change it to a permanent one at first use — so temp credentials don't linger.
Pass or fail — an assessor needs a "yes" to each
- Temporary passwords require an immediate change at first logon (enforced).
What to have ready
- Identity-provider setting forcing change at first sign-in
Where teams trip up
- Temp passwords that work indefinitely
- Reset process that doesn't force a change
See where this control puts your score
Run all 110 requirements free in about 10 minutes.
Calculate your SPRS score →