Chris Travers wrote: > Hi all; > > Aince I am now in the process of testing the user/role management > stuff for 1.3, I was thinking a sensible password expiration interface > would be a good thing to add. > > Here is what I am thinking: > > In System/defaults, we can add a value for the number of days a > password is valid for. > > For the last week, a popup occurs once per day reminding one of the > need to change one's password. > In the last day, a popup occurs once per hour. > > The rest can be easily pushed into our user management procedures > (already working). > > What do people think? > > > As long as it's optional...
I have always held the view that expiring passwords are less secure than non-expiring ones and lead to increased password recovery maintenance issues. An expiring password has more risk of being forgotten, and hence has a greater chance that the user would need to write it down, or change it according to a predictable sequence. When did you last change the pin code on your credit card? Cheers John ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensign option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _______________________________________________ Ledger-smb-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ledger-smb-users
