3
password change policy every 180 days
Idea shared by Win Thu Aung - 10/24/2014 at 8:21 AM
Completed
I do not see any forced password change policy for users every 180 days in SmarterMail. MS Exchange is using Windows AD and it has password policy as part of AD. It would be great to see that feature in SM.

9 Replies

0
There is no native way we've found to query the user through the API to get the last change. What we did is write a small ASP.NET app that we have users change their password with. This saves the username, domain and the date changed. From there we have a report that goes to the administrator(s) of the domain and lets them know the "estimated" password age. We say estimated as, if we don't know, we can't go off anything other than the original creation date.
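The report described in the post above, sketched as an added example (not the poster's app and not SmarterMail code): it computes password age from the saved change date, falls back to the creation date with an "estimated" flag, and lists accounts past 180 days per domain. The record layout, field names and sample users are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

MAX_AGE_DAYS = 180  # interval requested in the thread title

# Constructed sample records; the field names are assumptions, not SmarterMail's schema.
# "changed" is the date saved by the password-change app. None means the user has
# never used it, so only the mailbox creation date is known.
USERS = [
    {"user": "alice", "domain": "example.org", "created": date(2013, 1, 10), "changed": date(2014, 9, 1)},
    {"user": "bob", "domain": "example.org", "created": date(2013, 3, 5), "changed": None},
    {"user": "carol", "domain": "example.net", "created": date(2014, 8, 20), "changed": None},
    {"user": "dave", "domain": "example.net", "created": date(2012, 6, 1), "changed": date(2014, 2, 1)},
]

def password_age(record, today):
    """Return (age_in_days, estimated) for one account."""
    basis = record["changed"] or record["created"]
    # Without a recorded change, the creation date is only an upper bound on the age.
    estimated = record["changed"] is None
    return (today - basis).days, estimated

def overdue_report(users, today, max_age=MAX_AGE_DAYS):
    """Group accounts whose password age exceeds max_age by domain, oldest first."""
    report = defaultdict(list)
    for rec in users:
        age, estimated = password_age(rec, today)
        if age > max_age:
            report[rec["domain"]].append((rec["user"], age, estimated))
    for rows in report.values():
        rows.sort(key=lambda row: row[1], reverse=True)
    return dict(report)

if __name__ == "__main__":
    for domain, rows in sorted(overdue_report(USERS, date(2014, 10, 24)).items()):
        print(f"{domain}: passwords older than {MAX_AGE_DAYS} days")
        for user, age, estimated in rows:
            # "~" marks an age estimated from the creation date.
            print(f"  {user}: {'~' if estimated else ''}{age} days")
```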
0
Can you share that app? At least I can use it before SmarterTools decides to add this feature.
0
I will work on breaking it out of our CMS and making it available for everyone.
0
Thank you
3
Employee Replied
Employee Post
Hi Win,
 
I just wanted to give an update to this thread. In SmarterMail 13.0 administrators can now set a password expiration. This will require users to update their passwords on regular intervals, set by the system administrator. When a user's password is expired, they'll be forced to change it upon Web interface login, and their outgoing SMTP will be disabled until it is updated.
 
You can read more about the SmarterMail 13.0 release here: http://smartertools.com/smartermail/whats-new.aspx
0
I might be missing something, but how can I configure this on a per-domain basis? With different customers with different needs, in one SmarterMail installation, this is important.
0
Employee Replied
Employee Post
Hi Robert. At this time, password requirements are set for the entire installation; it's not possible to customize them per domain. I believe that this request is on our developer's features list to discuss for a future version, but I didn't see any Community threads facilitating the request. I'd recommend that you start a new thread with your request so we can see other users' input and monitor how many others would like to see this implemented as well.
1
I'm voting this up one!  --  It would be great to be able to set stronger password requirements for those who are subject to HIPAA and Sarbanes-Oxley than the clients who are small not-for-profits with a bunch of volunteers.
 
Most of you realize that I am very pro-security, and gung ho on ultra strong passwords, but there are compromises where the ultra-strength version of security is not enforceable.
 
Thanks for considering the ability to set password expiration / enforcement compliance on a domain-by-domain basis!
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phone: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Employee Replied
Employee Post
Hey Bruce! Glad to hear you're in support of the feature request. Let's get this on a new thread so we can facilitate tracking...
