#5697 - Add admin tool for mass invalidating member passwords – Composr CMS: Your Data, Your Privacy, Your Control

This is a spacer post for a website comment topic. The content this topic relates to: #5697 - Add admin tool for mass invalidating member passwords

By Guest posted 23rd Jul 2024, 11:00 AM

"Members who have not changed their password in X days or longer" - maybe, but most people hate this. https://pages.nist.gov/800-63-FAQ/#q-b05

By Guest posted 23rd Jul 2024, 12:32 PM

The point of this tool is to invalidate passwords in the event of a breach. So that criterium is not actually for password expiration but rather manually invalidating passwords which have not been changed in a long while (in the event of a breach) as they are more likely to exist in brute-force rainbow tables.

Composr already has password expiration as a separate config option.

By Guest posted 24th Jul 2024, 5:04 PM

Ah, right.