powershell-universal icon indicating copy to clipboard operation
powershell-universal copied to clipboard
verified publisher icon ironmansoftware

Expiring/complex passwords for local users

Open schubfre opened this issue 1 year ago • 2 comments

Summary of the new feature / enhancement

As a user I want to be able to configure a global password expiration policy for local users. It would also help if there were complexity settings regarding the password.

Proposed technical implementation details (optional)

No response

schubfre avatar Feb 06 '24 14:02 schubfre

It's probably better to use external authentication instead. SAML, OAUTH, AD, etc.

bscharff avatar Feb 07 '24 17:02 bscharff

There are use-cases, where it isn't possible to use other providers. For example if you don't want any chance of lateral movement and want your local accounts managed by cyberark where every step is recorded in accord to a zero-trust policy.

Anyway, it should be common security practice to not have users where a password with the value 'aaa123' is possible and where a password expires after a set amount of time.

schubfre avatar Feb 08 '24 07:02 schubfre