Expiring Administrator Passwords

The HS-PCI module allows you to expire administrator passwords. If you do not activate the module, this feature is disabled after the 30-day trial expires.

If Expire Passwords is enabled and a user logs in with an administrator account with a temporary password, EFT Server prompts the user to supply a new password. Each day it also checks whether passwords are <n> days from expiration, and those passwords are flagged for reminders, if reminders are enabled. All reminder e-mail messages are sent immediately after flagging the accounts to be reminded.

Password initial reset, expiration, and account management features only apply to Sites using GlobalSCAPE EFT Server Authentication and ODBC Authentication. These options are not available if other authentication types (AD, LDAP) are used. Password security features all apply at the Server level, not to individual accounts.

EFT Server cannot ask FTP users to change their password prior to logging in and identifying themselves. EFT Server allows them to login (authenticate), but then prevents any further interaction with their session until they change their password.

To expire administrator account passwords

In EFT Administrator, connect to EFT Server and click the Server tab.
In the left pane, click the Server you want to configure.
In the right pane, click the Administration tab. The Password Security settings appear in the bottom half of the tab.
To specify the number of days after which to disable or remove administrator accounts, select the Expire passwords check box, then type or use the arrows to specify the number of days. The default is 90 days.

If you make any changes to the password settings, when you click Apply to push the changes to EFT Server, the counter is reset. For example, if you set it for 90 days, then go back 89 days later and specify a different dictionary file, when you click OK then Apply, the administrator accounts will not expire for 90 days.

Click Apply to save the changes on EFT Server.