Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Temporary Passwords should expire #242

Open
deastman opened this issue Jul 1, 2022 · 0 comments
Open

Temporary Passwords should expire #242

deastman opened this issue Jul 1, 2022 · 0 comments
Labels
Type: Maintainance Nature of issue deals with routine updates or small fixes

Comments

@deastman
Copy link
Contributor

deastman commented Jul 1, 2022

When an Admin creates an account in VA Explorer, the user account is assigned a temporary password. This temporary password does not expire.

What is the expected state?
Temporary passwords should expire. From @ajbarnes: "60-90 days is reasonable. Good justification for expire is that a user password is supposedly only ever in the user’s head, but a temp one is sent and hangs around in possibly unencrypted spaces like over the wire and/or in the user’s inbox."

What is the actual state?
Temporary passwords do not expire.
@deastman deastman added Priority: High Type: Maintainance Nature of issue deals with routine updates or small fixes labels Jul 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Maintainance Nature of issue deals with routine updates or small fixes
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@deastman @ajbarnes