Reminding Users when Password is About to Expire
EFT allows you to set a reminder to notify users of their pending password expiration up to 30 days prior to the password expiration date. You can set the reminder on the Site for all accounts, on the Settings Template, and/or for each user, from 0 (no reminder) to 30 days (5 is the default). The reminder can be in the form of a banner message or an email or both.
To remind users of expired passwords
-
In the administration interface, connect to EFT and click the Server tab.
-
On the Server tab, click the Site, Settings Template, or user that you want to configure, and then click the Security tab.
-
Select the Allow users to reset their passwords check box.
-
Next to Password Expiration Options, click Configure. The Password Expiration dialog box appears.
-
Select the Expire check box, then specify the number of days after which to expire the password.
-
Select the Remind check box, then specify the number of days prior to expiration to remind the user.
-
Do either or both of the following:
-
To send an email when the password is about to expire, select the Send user an email prior to expiration check box.
-
To send an email when the password has expired, select the Send user an email upon expiration check box.
-
Click OK to save the settings and close the dialog box.
-
Click Apply to save the changes on EFT.
-
Edit the Password Reset Messages, as desired.
For all protocols, if the user’s password is scheduled to expire, the email reminder is enabled, and the user account has an email address associated with it, an email will be sent informing the user of the pending expiration and provides instructions on how to change the password for one or possibly all protocols. A user who typically connects over FTP may optionally login via HTTP/S to change the password.
For details of reusing passwords, refer to Prohibiting Password Reuse.