password renewal

fmvalsera

Hi all,

I was wondering if it's posible to have a password renewal policy for logins (for instance, the system will ask the user for a new password every 365 days).

I know it is posible to set other password constraints like "It must contains special characters" or a minimum length, but i cannot find anything related to password renewal. I don't see any task in the system scheduler neither.

Well, probably I'm missing something or simply It is not implemented yet. In that case, would It be useful to add such a feature?

Regards

gabriel

Hello again 🙂

Forcing users to change passwords regularly is nowadays considered bad practice; it does not strengthen system security much at all, while making people more likely to choose bad/easy to guess passwords.

Here is a very good summary from NIST: https://pages.nist.gov/800-63-FAQ/#q-b05

We´ve decided to implement recommended security features instead. Besides many features in the backend that are invisible to most, we´ve added MFA, which is one of the most important security features to use.

If you definitely need expiring passwords, you can use an external directory service (such as AD/LDAP) - though it´s currently only available with REI3 Professional by default.

fmvalsera

Hi Gabriel,

thanks for your quick and wise reply one more time. I understand your rationale and I agree.

For sure MFA is a strong way to secure the login nowadays, although probably it is not yet widely accepted due to its extra configuration step (I mean the OTP app).

Let's pray for its extensive adoption as a standard so that we don't have to worry too much about the passwords policies in the future ;-)

Thanks again for your time.
Regards.

gabriel

There are even nicer standards on the road - if Passkeys find wide atoption, we will be happy to implement them as well 🙂