More user-driven password reset options

More user-driven password reset options

Postby EKjellquist » Thu Jul 02, 2020 6:37 pm

One thing I've never really enabled until recently is the ability for users to reset their password WITHOUT the ability to log in first. I've used this sparingly so far, but I have a few suggestions for future options:

- Alternate Email - option to require alternate email to send p/w reset link to (this requires a user to have access to that email, rather than just have the reset occur instantly). Also, make this reset link expire in X minutes (say 60 by default?). Would prefer that alternate email either is specified by a logged-in user, during account creation or something an admin can enter in/manage later on the backend at the user level.
- Password Complexity - AFAIK there's no way to require users' passwords to be of any required complexity level; it would be nice to have a few options at the user/group level to set min/max of characters, requirement of ucase / lcase / numbers / symbols, requirement that the last X passwords can't be re-used, and a password expiration threshold (say 0-X days, where 0 just disables expiration). If I could get AMS to talk to Active Directory, though, that would be even better (I would just match email accounts to AD users)
- Captcha on password reset page - if I could require the same captcha on the 'forgot your password?' page where a user enters their email (same options as for webmail) that would be nice.

I'm guessing p/w reset requests are logged, not sure if anti-hammering comes into play here, but if currently it isn't, it should ;)
EKjellquist
 
Posts: 96
Joined: Tue Sep 09, 2014 10:40 pm

Re: More user-driven password reset options

Postby Code Crafters » Wed Jul 29, 2020 4:12 pm

Thanks for your feedback. We've added this to our feature request list.
Code Crafters
 
Posts: 944
Joined: Mon Sep 10, 2007 2:35 pm


Return to Suggestions

Who is online

Users browsing this forum: No registered users and 1 guest

cron