Important Notice from AspDotNetStorefront
It is with dismay that we report that we have been forced, through the action of hackers, to shut off write-access to this forum. We are keen to leave the wealth of material available to you for research. We have opened a new forum from which our community of users can seek help, support and advice from us and from each other. To post a new question to our community, please visit: http://forums.vortx.com

Thread: admin account password expiration

  1. #1
    bradhh (Junior Member; joined Feb 2009; 12 posts)

    Is it possible to change the period of password expiration for the admin site? Best I can tell the password expires every thirty days, and no password is ever allowed to be reused. For the purposes of my site administrator this is excessive, requiring him to keep the password written down as he's unable to remember which password he used last. The stringent password expiration rules force him into unsafe practices.

    The ability to allow the password to remain valid for 90 days would help significantly, as we'd not have to change so frequently, and would be less likely to be confused between the last three passwords.

    Thanks -
    Brad

  2. #2
    Jao (Senior Member; joined Oct 2008; 1,132 posts)

    You could set the AppConfig: AdminPwdChangeDays to the specific value you intend, to lengthen the expiration.
    Last edited by Jao; 11-11-2009 at 06:59 PM.

  3. #3
    bradhh (Junior Member; joined Feb 2009; 12 posts)

    Right, I don't want to remove the password change requirement, that's excessive. I just want to change the expiration period. That seems like an odd value to have hard-coded.

  4. #4
    bobgage (Junior Member; joined Jun 2009; 11 posts)

    Is there a minimum requirement for this to remain compliant with PCI or other best security practices?

  5. #5
    Jao (Senior Member; joined Oct 2008; 1,132 posts)

    Well, none from what I've heard, but PCI strictly recommends that administrators pay considerable attention to changing login credentials for tighter security practice...