Change of password expiration policy defaults

An expiring password policy has become obsolete through the years because it generates some of the problems it tries to solve:
- https://www.computerworld.com/article/1722801/microsoft-tells-it-admins-to-nix-obsolete-password-reset-practice.html
- https://learn.microsoft.com/en-us/archive/blogs/secguide/security-baseline-draft-for-windows-10-v1903-and-windows-server-v1903

**Proposed solution**

- Default password expiration policy: ~~disabled~~ **enabled**
- ~~If expiry is enabled,~~ Default password age is 0-180
- In UI, when admin sets a password (also in the user creation workflow) add an option "must-change-at-next-login"
- Implement "password-does-not-expire" flag in UI


**Additional context**

Current password policy settings

![Image](https://github.com/user-attachments/assets/38a16f46-f008-46f8-a4e5-3a4c4dcea2f8)

Currently Password-does-not-expire is displayed, but not modifiable

![Image](https://github.com/user-attachments/assets/53890ec8-b630-4c08-b679-01f86cd35294)

**See also**

Discussion https://mattermost.nethesis.it/nethesis/pl/m93w1ifhgtbqdy8qmmmt7ep3wy

----

Thanks to @nrauso @charliewhiting @digre82 


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Change of password expiration policy defaults #7503

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Change of password expiration policy defaults #7503

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions