Force Password Change
Idea shared by C Layton - December 15, 2014 at 6:51 AM
There have been many improvements around password functionality in SmarterMail 13.x, however there still does not seem to be a way to force a user to change password at next login.
What we had been doing to get around this is to set a password that does not meet the password requirements at user creation.  At first login to webmail the user is forced to change their password.  
Currently we have built a custom web application that uses the SmarterMail web services to create and update user mailboxes.  Using the web services we are not able to perform this workaround.  
How are others forcing password changes?  How is there not a checkbox to force a password change at next login? This is a glaring oversight by SmarterMail. 

8 Replies

Reply to Thread
Robert Emmett Replied
December 17, 2014 at 9:26 AM
Employee Post
C Layton, thank you for you question.  There have been similar requests for an option to force a password change on next user login.  I have added it to our features request list for further consideration by the dev. team.  I have also changed this thread from a Question to an Idea to facilitate development tracking.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
Luk Replied
May 19, 2015 at 11:36 PM
It would be nice to have such feature, since domain admin can't create a user with weak password to enforce password change...
Brian Ellwood Replied
May 20, 2015 at 5:40 AM
Yes please!
Mark Martens Replied
January 6, 2016 at 7:04 AM
So...this has been under consideration for some time now.  Are we getting any closer?  This is an important security function.  Thanks for your help.
Mark Martens - MBA, CISSP, PMP, ITIL
Connie DeCinko Replied
June 14, 2016 at 4:14 PM
Any chance we will see this in SM16?
Andrea Rogers Replied
January 24 at 3:50 PM
Employee Post
Hi everyone, 
We appreciate your feedback on this thread! This functionality is among the security updates planned for a future version of SmarterMail. Stay tuned for more details as they come! 
Thank you! 
Andrea Rogers
Communications Specialist
SmarterTools Inc.
(877) 357-6278
Julian Dormon Replied
January 24 at 4:40 PM
Hi guys!
I just upgraded to SM 15 from 12 and somehow all my users were emailed a Password Violation Compliance email.
They have until Feb 17 to change or be locked out. 
This caught us very off guard and so NOT what we needed to happen in the middle of a server migration.
Anyway I have extended the block grace period to 60 days and now I want to send out another email explaining that we have given them an extension but the Feb 17 date still shows on the Password Compliance Email page.
What am I missing? Please help this is time sensitive. Much thanks in advance!
Curtis Kropar www.HawaiianHope.org Replied
January 26 at 1:14 AM
I know you are looking for "On First Login"
But there is a feature for forcing a SCHEDULED password change (for anyone else looking for this)
This feature is already in SM 14. In the administration login, (not domain administrator)
The bottom menu item "Security"
in the "Advanced Settings"
"Password Requirements"
You can say that a password expires every 3 months, or 30 days, or 6 months, etc.  The minimum password strength  requirements and a grace period.
www.HawaiianHope.org - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. To date we have given away over 1,000 free computers.

Reply to Thread