Ability to Reset Password Every 30-60-90 etc. Days

Tony Ursino shared this idea 1 month ago
Idea Logged

As an administrator, I would like to enforce how often passwords must be reset. Many organizations require users to change passwords every 30-60-90 days. Currently in YF; I can enforce the length and configuration requirements, but can't not enter a duration (days) which a password expires. This limitation places the use of the application as 'non-compliant' with our IT/Security Team.

Comments (8)

photo
1

Hi Tony,

Thanks for reaching out. There is currently no option to set passwords to expire every X days, however, there is an existing internal enhancement request for such functionality, so I've gone ahead and updated that task to include you as a client in favor of this enhancement. We do not have this linked to a public Idea ticket yet though, so is it okay if I go ahead and change this to an Idea ticket so this can be referenced publicly in our Community so that others may potentially "thumbs up" and comment on it? Doing such may increase likelihood of this idea being chosen for future development.

That said, while there is no option to make passwords expire in this way, it is possible to set a specific expiration date, by changing the value of EndDate columns for the corresponding user in the 'ipclass' table:

/j85tc8uSXHHxwAAAABJRU5ErkJggg==

Hopefully this is a suitable workaround for you.

Thanks,

Mike

photo
1

Hi Tony,

Actually, the EndDate applies to the user account expiring itself, so you wouldn't want to use that. The way to trigger a password reset is to change the PasswordExpired value from 0 to 1, but there's no way to trigger this every X days as requested here from within YF's UI automatically. You could use some sort of third party task scheduler to execute an UPDATE statement to reset passwords every X days in the meantime though.

Regards,

Mike

photo
1

Is there a 'last updated' date for passwords which a scriptcould run off of?

I was told that an ‘IPclass’ script could also work?

photo
1

Hi Tony,

Thanks for your reply. The script you'd be running would be in the 'IpClass' table, as that's where the 'PasswordExpired' value's are contained. There is no last updated field in that table or in the 'person' table where further user details are stored.

Regards,

Mike

photo
1

Thank you Mike for the feedback.

If there's not a 'LastUpdatedDate' or something similar, we can't create a script to update the 'IpClass' table to enforce a new password- since every user will have different password dates. I suppose the only workaround if to reset everyone's password on the 1st of the month (appx 30 days) via the script?

photo
1

Hi Tony,

That's correct. This would be perhaps the most significant drawback of this method, which is another reason why I think this is a good candidate for future enhancement. Indeed you could go ahead and inform current employees that, for example, starting the 1st of February, and every 30 days thereafter, passwords will be reset... something along those lines to workaround these limitations. This may not be ideal but at least there's some way to achieve what you're after here.

Regards,

Mike

photo
1

Thank you Mike. While not ideal, I think it does solve for the IT compliance issue as a work-around. Do you know if other YF 'highly compliant' clients have expressed this need? Do you think this enhancement would be prioritized in the 2019 calendar year?

photo
1

Hi Tony,

You're welcome. I couldn't say when or if this would be implemented. I've bumped priority on this in our internal task and am converting this to an Idea ticket to see if we get any additional votes. You're the third client to request this feature, and the more the better! Any updates, one way or the other, I will be posting here.

Regards,

Mike