John Bell wrote:
Chris Travers wrote:Hi all; Aince I am now in the process of testing the user/role management stuff for 1.3, I was thinking a sensible password expiration interface would be a good thing to add. Here is what I am thinking: In System/defaults, we can add a value for the number of days a password is valid for. For the last week, a popup occurs once per day reminding one of the need to change one's password. In the last day, a popup occurs once per hour. The rest can be easily pushed into our user management procedures (already working). What do people think?As long as it's optional...
I agree totally. I for one would not want to use enforced password changes. If you are putting in a System option, then why not have an option for "never". Options are wonderful things ;-)
David.
I have always held the view that expiring passwords are less secure than non-expiring ones and lead to increased password recovery maintenance issues. An expiring password has more risk of being forgotten, and hence has a greater chance that the user would need to write it down, or change it according to a predictable sequence.When did you last change the pin code on your credit card? Cheers John ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensign option that enables unlimitedroyalty-free distribution of the report engine for externally facing server and web deployment.http://p.sf.net/sfu/businessobjects _______________________________________________ Ledger-smb-users mailing list ..hidden.. https://lists.sourceforge.net/lists/listinfo/ledger-smb-users