3
password change policy every 180 days
Idea shared by Win Thu Aung - 10/24/2014 at 8:21 AM
Completed
I do not see any forced password change policy for users every 180 days in smartermail. MS Exchange is using Windows AD and it has password policy as part of AD. It would be great to see that feature in SM.

9 Replies

Reply to Thread
0
There is no native way we've found to query the user through the API to get the last change. What we did is write a small ASP.Net app that we have users change their password with. This saves the username, domain and the date changed. From there we have a report that goes to the administrator(s) of the domain and lets them know the "estimated" password age. We say estimated as if we don't know we can't go off anything other than the original creation date.
0
Can you share that app? At least I can use it before smartertools decided to add this feature.
0
I will work on breaking it out of our CMS and making it available for everyone.
0
Thank you
3
Andrea Rogers Replied
Employee Post
Hi Win,
 
I just wanted to give an update to this thread. In SmarterMail 13.0 administrators can now set a password expiration. This will require users to update their passwords on regular intervals, set by the system administrator. When a user's password is expired, they'll be forced to change it upon Web interface login, and their outgoing SMTP will be disabled until it is updated.
 
You can read more about the SmarterMail 13.0 release here: http://smartertools.com/smartermail/whats-new.aspx

Andrea Rogers
SmarterTools Inc.
877-357-6278

www.smartertools.com

0
I might be missing something, but how can I configure this on a per domain basis? With different customers with different needs, in one smartermail installation, this is important.
0
Andrea Rogers Replied
Employee Post
Hi Robert. At this time, password requirements are set for the entire installation; it's not possible to customize them per domain. I believe that this request is on our developer's features list to discuss for a future version, but I didn't see any Community threads facilitating the request. I'd recommend that you start a new thread with your request so we can see other users' input and monitor how many others would like to see this implemented as well.

Andrea Rogers
SmarterTools Inc.
877-357-6278

www.smartertools.com

1
I'm voting this up one!  --  It would be great to be able to set stronger password requirements for those who are subject to HIPAA and Sarbanes Oxley than the clients who are small not-for-profits with a bunch of volunteers.
 
Most of you realize that I am very pro-security, and gung ho on ultra strong passwords, but there are compromises here the ultra-strength version of security is not enforceable.
 
Thanks for considering the ability to set password expiration / enforcement compliance on a domain-by-domain basis!
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Andrea Rogers Replied
Employee Post
Hey Bruce! Glad to hear you're in support of the feature request. Let's get this on a new thread so we can facilitate tracking...

Andrea Rogers
SmarterTools Inc.
877-357-6278

www.smartertools.com

Reply to Thread