Thread

Is there a feature that allows you to set a password expire in the members module?  Example:  I have a secure area with members assigned to it.  I want them to change their passwords every 30 days. 

If this isnt a feature, does anyone know of a way to do this?  Thanks!

Moved to CodeShare Corner by Moderator

I don’t know of anything to do that. I guess you might be able to run some sort of cron job that sets the passwords to some random string so that the users can’t log in and then get them to use the Forgot Password link to enable them to reset it. Not very nice for an end user though.

Mind if I ask why you need them to change their passwords? Are people managing to break in or something?

Best wishes,

Mark

sleven1868,

As Mark mentions that feature is not available in EE.

I can however move this thread to the CodeShare Corner is you wish to brainstorm it some more though?

@Mark - We find that the users of our secure area are very lax with their passwords.  We are a startup so as we get more sophisticated, we will weed out those type of users.  Cron job sounds like a possible idea.  thanks!

@John - Yes, please move to the codeshare corner.  Thanks!

@Mark - We find that the users of our secure area are very lax with their passwords.  We are a startup so as we get more sophisticated, we will weed out those type of users.

So you’re going to be deleting / banning users just because their own password isn’t very secure? Sounds a bit unfair 😉

Not deleting or banning.  We want to force them to change their password every 30 days or once a quarter.  I know it sounds a little too much but that’s what my client is asking for.  Is there a way to make a password more secure?  Like require them to use at least one number, an upper and lower case letter, and a special character.  That might be an option.

That would require some Javascript on the front-end to get them to enter the right sort of thing but then you’d probably want to back that up with an extension incase they had Javascript disabled and posted something that didn’t fit the bill.

Hi sleven,

There is an option in EE that may be of use to you. In the CMS, go to Admin › System Preferences › Security and Session Preferences.

You should see an option called “Require Secure Passwords?”. If you set this to Yes then users will need to use at least one uppercase, one lowercase and one numeric character. From memory, I think it forces the password to be above a certain length as well, but you’d need to test that as i’m not 100% certain 😉

Hope this helps,
Chuck

Very good point. I had completely forgotten about that setting.

I had almost forgotten about it too mark 😉 haven’t needed to use that setting for a while.

Actually, just looking at it again, the last two options at the bottom of that screen allow you to set the minimum length for username and password too 😊

Late to the party—moving to the CodeShare Corner so ya’ll can continue chatting.