MIP Ideas Portal

Password Controls

While the administrator can force users to reset passwords after a period of time, users are still able to "reset" their password to the exact same password. This security upgrade actually provides no security at all. Users forced to reset a password should not be able to use the current password or a recently used password.

  • Guest
  • Jun 4 2018
  • Attach files
  • Dawn Fisher commented
    22 Jan, 2019 04:57pm

    We got dinged too and EWS doesn't allow us to even force users to change the password.

  • Lisa Gehring commented
    15 Nov, 2018 02:21pm

    We just got dinged on our audit for this...