Dnn.Platform icon indicating copy to clipboard operation
Dnn.Platform copied to clipboard
verified publisher icon dnnsoftware

Force new user to change password at the first login

Open seek78 opened this issue 2 years ago • 9 comments

Hi, it will be useful to have a setting that force new users to change password at first login.

seek78 avatar Feb 02 '23 09:02 seek78

This feature exists, after creating the user, you can go to the user setting and click on [Force Password Change] link. image

valadas avatar Feb 03 '23 07:02 valadas

What I meant was for automatic for newly created users, not manually as you indicated.

seek78 avatar Feb 03 '23 08:02 seek78

Oh, I misunderstood, reopening this for further discussion

valadas avatar Feb 03 '23 08:02 valadas

If this gets done, it would be cool to also have an option to force password resets every x days...

valadas avatar Feb 03 '23 08:02 valadas

If this gets done, it would be cool to also have an option to force password resets every x days...

frequent password changes are no longer suggested by security experts (and Microsoft)

sleupold avatar Feb 03 '23 10:02 sleupold

I agree with Sebastian that it's not a recommended configuration, but we do support that feature, @valadas (under Security, Member Accounts tab, Member Management sub-tab) Settings for with help bubble stating "Enter the number of days before a user must change their password. Enter 0 (zero) if the password should never expire."

@seek78 are you thinking of a toggle when creating a user (just like you can select Random Password you could select Force Password Change? Or just a higher-level policy that would always force the password change without a choice?

You could do this yourself by implementing IUserEventHandlers to handle the UserCreated event.

bdukes avatar Feb 03 '23 15:02 bdukes

OMG, I actually used that feature in the past and totally forgot it existed...

valadas avatar Feb 03 '23 17:02 valadas

I agree with Sebastian that it's not a recommended configuration, but we do support that feature, @valadas (under Security, Member Accounts tab, Member Management sub-tab) Settings for with help bubble stating "Enter the number of days before a user must change their password. Enter 0 (zero) if the password should never expire."

@seek78 are you thinking of a toggle when creating a user (just like you can select Random Password you could select Force Password Change? Or just a higher-level policy that would always force the password change without a choice?

You could do this yourself by implementing IUserEventHandlers to handle the UserCreated event.

Hi, the first one: a toggle that force the password change at first access of users. Better if this setting is at portal level.

Thanks

seek78 avatar Feb 06 '23 10:02 seek78

We have detected this issue has not had any activity during the last 90 days. That could mean this issue is no longer relevant and/or nobody has found the necessary time to address the issue. We are trying to keep the list of open issues limited to those issues that are relevant to the majority and to close the ones that have become 'stale' (inactive). If no further activity is detected within the next 14 days, the issue will be closed automatically. If new comments are are posted and/or a solution (pull request) is submitted for review that references this issue, the issue will not be closed. Closed issues can be reopened at any time in the future. Please remember those participating in this open source project are volunteers trying to help others and creating a better DNN Platform for all. Thank you for your continued involvement and contributions!

stale[bot] avatar May 22 '23 06:05 stale[bot]