[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Proposal for 1.3: Password expiration





John Bell wrote:
Chris Travers wrote:
Hi all;

Aince I am now in the process of testing the user/role management
stuff for 1.3, I was thinking a sensible password expiration interface
would be a good thing to add.

Here is what I am thinking:

In System/defaults, we can add a value for the number of days a
password is valid for.

For the last week, a popup occurs once per day reminding one of the
need to change one's password.
In the last day, a popup occurs once per hour.

The rest can be easily pushed into our user management procedures
(already working).

What do people think?


As long as it's optional...


I agree totally. I for one would not want to use enforced password changes. If you are putting in a System option, then why not have an option for "never". Options are wonderful things ;-)

David.


I have always held the view that expiring passwords are less secure than non-expiring ones and lead to increased password recovery maintenance issues. An expiring password has more risk of being forgotten, and hence has a greater chance that the user would need to write it down, or change it according to a predictable sequence.

When did you last change the pin code on your credit card?

Cheers

John

------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensign option that enables unlimited
royalty-free distribution of the report engine for externally facing server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Ledger-smb-users mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-users