User Security

CJEPI · 2026-02-19T18:33:01+0000

Does the system support forced password change intervals?

Rene_V · 2026-02-19T19:12:09+0000

CJEPI said:
Does the system support forced password change intervals?

You can force someone to change their password by editing an user's profile from the Admin panel and from the Security lock drop down menu you must select the Locked: User must change password option.

There is no time interval option though.

CJEPI · 2026-02-19T19:23:12+0000

Thank you Rene_V for the answer. That is a shame as that functionality is a mandatory requirement of security in my field and a must have for our systems.

Rene_V · 2026-02-19T19:24:47+0000

CJEPI said:
Thank you Rene_V for the answer. That is a shame as that functionality is a mandatory requirement of security in my field and a must have for our systems.

No problem.

You can always request it to be custom coded for you.

Kirby · 2026-02-19T22:01:39+0000

CJEPI said:
That is a shame as that functionality is a mandatory requirement of security in my field and a must have for our systems.

I am not sure where this requirement comes from, but if you are in a position to question this policy I'd probably do so.

Strong passwords (or even no passwords at all!) are better than forcing users to change passwords at fixed intervals as that often leads to kinda weak passwords.

This is not my personal recommendation but from Bundesamt für Sicherheit in der Informationstechnik (german national cyber security authority) as can by read in this article by Heise; BSI dropped the recommendation to regulary change passwords in 2020 while NIST already did so in 2017:

Do not require that memorized secrets be changed arbitrarily (e.g., periodically) unless there is a user request or evidence of authenticator compromise. (See Section 5.1.1 for additional information).

smallwheels · 2026-02-19T22:18:29+0000

CJEPI said:
Does the system support forced password change intervals?

If you care for security instead for security theater password change is counterproductive, good passwords are not. Threfore I'd rather recommend the usage of this add on:

Resource icon X

Password Tools

Oct 1, 2018

Cause safer passwords are better passwords.

jeb35 · 2026-02-19T23:16:54+0000

Kirby said:
I am not sure where this requirement comes from, but if you are in a position to question this policy I'd probably do so.

Strong passwords (or even no passwords at all!) are better than forcing users to change passwords at fixed intervals as that often leads to kinda weak passwords.

This is not my personal recommendation but from Bundesamt für Sicherheit in der Informationstechnik (german national cyber security authority) as can by read in this article by Heise; BSI dropped the recommendation to regulary change passwords in 2020 while NIST already did so in 2017:

I work for a company that requires you to change your password every 60 days or so. It's a real pain.

User Security

CJEPI

New member

Rene_V

Active member

CJEPI

New member

Rene_V

Active member

Kirby

Well-known member

smallwheels

Well-known member

Password Tools

jeb35

Well-known member

Similar threads

We value your privacy