Password policy settings

Let us set our own password policy, instead of enforcing a 90-day expiry. Some features could be:

  • Time to expiry
  • Password complexity (upper/lowercase letters, numbers, symbols, length)
  • Number of last passwords that cannot match

We are attempting to implement SSO at our location and the inherent 90-day expiry makes this cumbersome...
Perhaps SAML could also be implemented.


Forum User

+SSO/SAML 

Forum User

As a follow-up, this idea can be closed because the current password policy is required for PCI-DSS compliance.  However, SAML is a must.

Forum User

Please remove the change password requirement. It has been proven that forcing users to change their passwords actually makes systems less secure, not more. Think of the following companies that never require you to change your password:

* Google
* Microsoft
* Apple
* Chase bank
* Capital One
* USAA bank

etc. etc.

Making users change passwords regularly is antiquated and less secure. If anything, add 2-factor authentication with OTP. THAT is meaningful security.

SNT Team

Hi Reid,

Thanks for your feedback! We regretfully are unable to remove this at this time because PCI compliance requires that we have this in place. I hear you, though! I'm happy to report that we do have 2-factor authentication with OTP in pilot right now - you can find more information about that here. If you are interested in participating in the pilot or would like to be notified when this comes into general release, please open a support ticket or keep an eye on the release notes.

Best,

Julia
