Password Expiration
Passwords can often be exploited if they never change. This is especially true for people who use the same password on multiple websites. If a website is hacked and passwords are leaked, then every account where that user uses the same password is at risk. To prevent this from affecting FormLink users, an Account can require a periodic password change from its users. This helps keep the password unique and protects against the aforementioned password leak scenario. There are two components to this setting:
- Maximum Age: When enabled, Accounts can request that passwords expire after a designated amount of time. For example: if the expiration is set to 30 days, then users will be required to change their passwords on the 31st day after the last password change. The default is 90 days but can be configured to any number. The recommended time lengths are 90, 180, and 365 days.
- Previous Passwords Disabled: After a password has been used, it can't be used again. A list of all previous passwords is kept for each user. When a user changes their password, this new password is checked against that list to verify it hasn't been used before. If it has been used, then the password change will be denied and a new password will have to be entered.
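The two checks described above, sketched as an added example (this is not FormLink's code). The `PasswordPolicy` class, its method names, and the choice of salted PBKDF2 for the stored history are assumptions made for illustration; the page does not say how FormLink stores previous passwords.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

ITERATIONS = 600_000  # PBKDF2 work factor; an assumption, not a FormLink setting


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class PasswordPolicy:
    """Hypothetical per-user state for Maximum Age and Previous Passwords Disabled."""

    def __init__(self, max_age_days: int = 90):
        self.max_age_days = max_age_days
        self.history = []          # (salt, digest) for every password ever set
        self.last_changed = None   # datetime of the last successful change

    def was_used(self, candidate: str) -> bool:
        # Each stored entry has its own salt, so the candidate has to be
        # re-hashed with every salt; digests cannot be compared directly.
        return any(
            hmac.compare_digest(_hash(candidate, salt), digest)
            for salt, digest in self.history
        )

    def change_password(self, new_password: str, now: datetime) -> bool:
        if self.was_used(new_password):
            return False           # denied: the user must enter a different one
        salt = os.urandom(16)
        self.history.append((salt, _hash(new_password, salt)))
        self.last_changed = now
        return True

    def is_expired(self, now: datetime) -> bool:
        if self.last_changed is None:
            return True
        # With max_age_days=30 the change is required on the 31st day.
        return (now - self.last_changed).days > self.max_age_days


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1)      # constructed sample date
    policy = PasswordPolicy(max_age_days=30)
    policy.change_password("first-sample-passphrase", t0)
    print(policy.is_expired(t0 + timedelta(days=31)))
```

Storing the history as salted digests rather than plaintext keeps the reuse check from turning the list of previous passwords into a second credential store.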