You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When an Admin creates an account in VA Explorer, the user account is assigned a temporary password. This temporary password does not expire.
What is the expected state?
Temporary passwords should expire. From @ajbarnes: "60-90 days is reasonable. Good justification for expire is that a user password is supposedly only ever in the user’s head, but a temp one is sent and hangs around in possibly unencrypted spaces like over the wire and/or in the user’s inbox."
What is the actual state?
Temporary passwords do not expire.
The text was updated successfully, but these errors were encountered:
When an Admin creates an account in VA Explorer, the user account is assigned a temporary password. This temporary password does not expire.
What is the expected state?
Temporary passwords should expire. From @ajbarnes: "60-90 days is reasonable. Good justification for expire is that a user password is supposedly only ever in the user’s head, but a temp one is sent and hangs around in possibly unencrypted spaces like over the wire and/or in the user’s inbox."
What is the actual state?
Temporary passwords do not expire.
The text was updated successfully, but these errors were encountered: