Password Requirements
Question asked by Ryan Wittenauer - December 13, 2018 at 10:18 AM
Unanswered
Couple of questions:
1. Forcing a password expiration doesn't seem to lock down IMAP, POP, or SMTP. There is the option to suspend outgoing messages but only if they go past the auto-grace period. Is there a way to disable protocols when manually expiring passwords?

2. Are there any plans to make the password requirements a little more robust? Let's say we wanted to have 5 requirements but only require 3 of the 5 to be met. Also, allowing users to make long-form passwords of just lower-case letters will end up being just as secure as 10 characters with random numbers, letters, and special characters. It would be very useful to allow users to meet different requirements.

3. With the recent addition of 2 factor authentication, we noticed that it can be enabled/disabled per domain. Any plans to have domain level password requirements? It would be useful for system admins to allow certain domains to have different requirements.

Reply to Thread