Manage User Password Expirations by Policy
LuxSci now provides account administrators with the option of having user passwords “expire” once they become “too old”. Many organizations have internal policies requiring that users change their password periodically, such as every 90 days, every year, etc. This new feature allows enforcement of such policies for users of LuxSci accounts.
How does it work?
- The account administrator can enable a “Password Change Policy” requiring users to change their passwords once they get “too old”. The “too old” threshold can be set anywhere from 7 days to 365 days.
- In the same place, the account administrator can configure when password expiration warning messages are sent to users. There are two warnings and they can be configured to be sent from 30 days to 1 day before the user’s password will expire. These warning messages give the user two chances to be alerted to the imminent expiration and give instructions on how to update his/her password before it does expire.
- If a user’s password does expire, the user loses access to all services except for the standard Web Interface. This includes POP, IMAP, SMTP, FTP, SFTP, Xpress portal, etc. The user can log in to the standard Web Interface; however, as soon as s/he does, s/he is forced to update his/her password immediately. Once the password is updated, access to all other services is restored.
- Once a user’s password is changed, the age is reset and the “countdown” to the next expiration begins again.
This makes it simple for administrators to enforce old password expiration while giving users plenty of warning and the opportunity to update their passwords themselves, as needed, before or after they expire.
Additional Features and Notes
- Exemptions: Administrators can exempt particular users and/or all users in particular domains from their password expiration policy. This is particularly useful, for example, for users that are only used by automated processes, like email archival ingestion or a fax machine for sending faxes to email. For such users, having their password expire may not be appropriate.
- Reset Everyone’s Last Password Change Date: This feature allows administrators to reset the date everyone “last changed their password”. For example, if you have been a LuxSci customer for some time but want to institute a new password expiration policy, some or all users’ passwords may already be “too old”. Use this feature to globally update everyone so that their passwords do not expire immediately and they have some time to get expiration warnings and update their passwords.
- Auditing: LuxSci keeps a permanent internal audit trail of the use of the password expiration policies. This includes changes to the policies and expiration of users due to the policies — we can go back and look up this information for you as needed.
- Administration: Administrators can, in the User Configuration pages, see exactly when a user last changed his/her password and when that password will expire. The administrator can also easily see if the password is currently expired, causing the user to be suspended from access to services.
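The rules under “How does it work?” and the exemptions above can be modeled as a small policy evaluator. This is an added sketch, not LuxSci's code: the names Policy, evaluate and reset_all, the service labels, and the choice to treat a password as expired once its age reaches the limit are all assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Service labels are constructed for this sketch; the page names the services.
ALL_SERVICES = frozenset({"web", "pop", "imap", "smtp", "ftp", "sftp", "xpress"})
WEB_ONLY = frozenset({"web"})  # an expired user keeps only the Web Interface

@dataclass(frozen=True)
class Policy:
    max_age_days: int                      # 7 to 365, per the page
    warn_days: tuple                       # two warnings, 30 to 1 days before expiry
    exempt_users: frozenset = frozenset()
    exempt_domains: frozenset = frozenset()

    def __post_init__(self):
        if not 7 <= self.max_age_days <= 365:
            raise ValueError("max_age_days must be between 7 and 365")
        if len(self.warn_days) != 2 or not all(1 <= d <= 30 for d in self.warn_days):
            raise ValueError("two warnings required, each 1 to 30 days before expiry")

def is_exempt(policy, user):
    """Exempt by exact address or by domain (compared case-insensitively)."""
    domain = user.rsplit("@", 1)[-1].lower()
    return user.lower() in policy.exempt_users or domain in policy.exempt_domains

def evaluate(policy, user, last_changed, today, warnings_sent=()):
    """Return (state, allowed_services, warnings_due) for one user on one day."""
    if is_exempt(policy, user):
        return "exempt", ALL_SERVICES, []
    days_left = (last_changed + timedelta(days=policy.max_age_days) - today).days
    if days_left <= 0:  # assumption: expired once the age reaches max_age_days
        return "expired", WEB_ONLY, []
    # Every threshold already crossed and not yet sent is due, so a skipped
    # daily run does not silently drop a warning.
    due = [d for d in sorted(policy.warn_days, reverse=True)
           if days_left <= d and d not in warnings_sent]
    state = "expiring" if days_left <= max(policy.warn_days) else "ok"
    return state, ALL_SERVICES, due

def reset_all(last_changed_by_user, today):
    """Admin 'reset everyone' action: every password age restarts at zero."""
    return {user: today for user in last_changed_by_user}
```

Changing a password corresponds to setting that user's last_changed to today and clearing warnings_sent, which restarts the countdown.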