
Re: Proposal for 1.3: Password expiration



Chris Travers wrote:
Hi all;

Since I am now in the process of testing the user/role management
stuff for 1.3, I was thinking a sensible password expiration interface
would be a good thing to add.

Here is what I am thinking:

In System/defaults, we can add a value for the number of days a
password is valid for.

For the last week, a popup occurs once per day reminding one of the
need to change one's password.
In the last day, a popup occurs once per hour.

The rest can be easily pushed into our user management procedures
(already working).

What do people think?


As long as it's optional...

I have always held the view that expiring passwords are less secure than non-expiring ones and lead to increased password recovery maintenance issues. An expiring password has more risk of being forgotten, and hence has a greater chance that the user would need to write it down, or change it according to a predictable sequence.

When did you last change the pin code on your credit card?

Cheers

John
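
The reminder schedule proposed in the quoted message, combined with the "optional" requirement from the reply, as an added example (not LedgerSMB code and not written by either poster). The function names, the convention that a validity of 0 days disables expiration, and the hourly polling loop are assumptions made for illustration.

```python
from datetime import datetime, timedelta
from typing import Optional

# Intervals from the proposal: daily in the last week, hourly in the last day.
WEEK = timedelta(days=7)
DAY = timedelta(days=1)
HOUR = timedelta(hours=1)


def reminder_due(password_set: datetime, valid_days: int, now: datetime,
                 last_reminder: Optional[datetime] = None) -> str:
    """Return 'none', 'remind' or 'expired' for one user at time `now`.

    valid_days <= 0 means expiration is switched off (assumed convention).
    """
    if valid_days <= 0:
        return "none"
    remaining = password_set + timedelta(days=valid_days) - now
    if remaining <= timedelta(0):
        return "expired"
    if remaining > WEEK:
        return "none"
    # Inside the last day the throttle drops from one day to one hour.
    interval = HOUR if remaining <= DAY else DAY
    if last_reminder is not None and now - last_reminder < interval:
        return "none"
    return "remind"


def count_popups(valid_days: int, watch_days: int = 8) -> int:
    """Count popups for a constructed user who is polled every hour
    during the final `watch_days` days before the password expires."""
    password_set = datetime(2024, 1, 1)  # constructed sample value
    expires = password_set + timedelta(days=valid_days)
    now = expires - timedelta(days=watch_days)
    last, shown = None, 0
    while now < expires:
        if reminder_due(password_set, valid_days, now, last) == "remind":
            last, shown = now, shown + 1
        now += HOUR
    return shown


if __name__ == "__main__":
    print("popups with a 90-day policy:", count_popups(90))
    print("popups with expiration disabled:", count_popups(0))
```
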