MIP Ideas Portal

Password Controls

While the administrator can force users to reset passwords after a period of time, users are still able to "reset" their password to the exact same password. This security upgrade actually provides no security at all. Users forced to reset a password should not be able to use the current password or a recently used password.

  • Guest
  • Jun 4 2018
  • Attach files
  • Lisa Gehring commented
    November 15, 2018 14:21

    We just got dinged on our audit for this...

  • Dawn Fisher commented
    January 22, 2019 16:57

    We got dinged too and EWS doesn't allow us to even force users to change the password.