Password Expire Policy

hanicker · December 13, 2021, 10:16am

My idea is:
Add a password expire policy: eg. after a configurable amount of time (eg. 6 month) the user is forced to change password on login

I think these groups of people would benefit from this idea:
The end user security and companies that needs to deal with GDPR and ISO or PCI DSS

Why I think they would benefit from this idea:
This allow compliance, together with a policy to strengthen the password

Any code or resources to support this idea:
there are some commonly used libraries to enforce password strength

Topic		Replies	Views
Add the possibility to have the definition of the MINIMUM_PASSWORD_STRENGTH_ALLOWED constant value in a config file instead of have it hardcoded on the class PasswordStrengthEstimatorModel Ideas and Feature Requests	1	13	August 31, 2024
Expiring links Ideas and Feature Requests	0	275	February 1, 2022
Mautic Admin Login Expiring to soon. Product Support	1	255	February 15, 2017
Permanent Oauth2 Access Tokens Ideas and Feature Requests	1	517	June 17, 2016
Access token lifetime (in minutes) and Refresh token lifetime (in days) missing Product Support	6	884	February 2, 2020