Category: security (-> must have)
I want to suggest to implement the feature: password expiration.
It would greatly improve security if passwords had to be changed from time to time (and if passwords had to be of a certain complexity).
Idea:
- the system stores a date for every user: it holds the validity date of the password.
- after password expires:
- user will be inactivated
- password needs to be changed at logon ( + reactivation)
- default expiration period (in days) can be set by admin
by: Sandor B. | 7 months ago | *All other
Comments
Thank you for the suggestion. We will consider it once we receive more support from our customer base.
Some clarifying questions:
Are you asking if this change is intended only for internal Release users? External users are managed through OIDC/LDAP providers.
What would be the default password expiration value for users in your use case?