Timed auto PW reset

Discussions about new features or changes in existing features

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

Timed auto PW reset

Postby carpenox » Mon Oct 26, 2020 8:56 am

Is this possible? to have the user accounts ask for PW to be changed on a certain time limit? 30 days, etc
Alma Linux 9.3 | Version: 2.14-911a | SVN Version: 3815 | DB Schema Version: 1710 | Asterisk 18.18.1
www.dialer.one -:- 1-833-DIALER-1 -:- https://linktr.ee/CyburDial -:- WhatsApp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 2230
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: Timed auto PW reset

Postby mflorell » Mon Oct 26, 2020 1:06 pm

That's not currently a feature, and the NIST recently(4 years ago) removed their recommendation for forcing changing of passwords on a timed basis because it actually has proven to make systems less secure. So, we probably wouldn't be adding it as a feature unless a client paid us to do so.
https://nakedsecurity.sophos.com/2016/0 ... d-to-know/

"No more expiration without reason. This is my favourite piece of advice: If we want users to comply and choose long, hard-to-guess passwords, we shouldn’t make them change those passwords unnecessarily.

The only time passwords should be reset is when they are forgotten, if they have been phished, or if you think (or know) that your password database has been stolen and could therefore be subjected to an offline brute-force attack."
mflorell
Site Admin
 
Posts: 18335
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: Timed auto PW reset

Postby carpenox » Mon Oct 26, 2020 2:49 pm

Ok thanks Matt.

-nox
Alma Linux 9.3 | Version: 2.14-911a | SVN Version: 3815 | DB Schema Version: 1710 | Asterisk 18.18.1
www.dialer.one -:- 1-833-DIALER-1 -:- https://linktr.ee/CyburDial -:- WhatsApp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 2230
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: Timed auto PW reset

Postby williamconley » Fri Oct 30, 2020 7:08 pm

They left off one situation where it should be changed: Coworker fired for fraud or other malfeasance. Or if for any other reason you believe passwords may be shared among coworkers. If someone seems to have logged in to one system after they clocked out for the night, for instance, that should be a red-flag and that person should be immediately locked out of all systems in some situations.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20018
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Timed auto PW reset

Postby carpenox » Fri Oct 30, 2020 9:49 pm

yea but thats as easy as a manual trigger
Alma Linux 9.3 | Version: 2.14-911a | SVN Version: 3815 | DB Schema Version: 1710 | Asterisk 18.18.1
www.dialer.one -:- 1-833-DIALER-1 -:- https://linktr.ee/CyburDial -:- WhatsApp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 2230
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL


Return to Features

Who is online

Users browsing this forum: No registered users and 28 guests