Deactivate user's password periodically

5 posts by 3 authors in: Forums > CMS Builder
Last Post: October 24, 2018   (RSS)

Hello

I wonder whether there is a way to deactivate periodically a user's password.

Due to GDPR (General Data Protection Regulation) in Europe, it will be useful to "force" users to change their login password from time to time. Is there a way to do this automatically (meaning that the administrator would set the time duration after which the password will not be active)?

Regards

Andreas Lazaris

By Dave - October 10, 2018

Hi Andreas, 

There are some different views on the security pros and cons of forcing a user to change their password.  One negative is that some users may choose simpler passwords or cycle through a list. 

You can read some more on that here: https://security.stackexchange.com/questions/7168/is-forcing-users-to-change-passwords-useful
and here: https://www.washingtonpost.com/news/the-switch/wp/2016/03/02/the-case-against-the-most-annoying-security-measure-virtually-every-workplace-uses/

But you could simply blank out or change a users password in the CMS and when they login next they would get an error and be able to reset it.  Normal user behaviour, if a password isn't working, would be to reset it.  And/or you could have a plugin to blank out passwords if after a certain period of time or if the user hadn't logged in after x months.  Or perhaps add something to track when they last changed their password.

So the easy solution is just to blank out their password so they have to reset it.  And more options would be available if you wrote a plugin.  And if you wanted to change the text displayed "invalid password" you could do that in the language file (/cmsb/lib/languages/) to have it display some additional help text.

Hope that helps!  Let me know any questions.

Dave Edis - Senior Developer
interactivetools.com

Hi Dave

Thank you for your quick answer.

Question: can I create plugin myself? How easy is it?

Kind regards

Andreas

By Dave - October 15, 2018

Hi Andreas, 

If you're familiar with creating plugins or PHP programming then yes you could.  The tricky bit would be figuring out exactly what you want it to do first. 

Dave Edis - Senior Developer
interactivetools.com