1

Password expiration - new feature request

Topic: Password expiration - new feature request

hello,

in order to improve the security and better protect the access to the application it will be nice to have the possibilty to set a password expiration time.
in this way users can be forced to change the password cyclically.

thanks and regards

2

Password expiration - new feature request

Re: Password expiration - new feature request

Hi edozio
Would you please take look at https://forum.gurtam.com/viewtopic.php?id=15703. There I have requested some features and your request seems very similar and you may write your request there and this way GT will be informed about requests of same type easier.

3

Password expiration - new feature request

Re: Password expiration - new feature request

Dear edozio, hhamedk

Thank you for your request! We have received multiple requests in order to improve security of the Wialon Hosting.

At the moment there are some concerns I have regarding forcing users to change their passwords after a period of time:
1. After password expiration, people tend to set simpler passwords to the apps so that they do not forget it.
2. After password expiration, people tend not to change the full password but only last digit(-s) of the password so that they do not forget it.
3. People tend to re-use passwords and we would need to store them so that they are not repeated...

All that factors affect the security and that passwords are easily guessed by hackers. To sum up - changing passwords every 90(60/30) days gives you the illusion of stronger security.
Even Microsoft changed their guidance on password expiration policies. On May 23, 2019, they released a blog post explaining their decisions. https://docs.microsoft.com/en-us/archiv … rver-v1903

What will we do to improve security?
At the moment I think that users and access management, sessions management, multi-factor authentication, creating more complex passwords should be the main targets in our security strategy.

I have added your request to the ticket of the security improvement in our issues management system, we will contact you once there are any updates in the security sphere.

Please let me know if there are any other questions.

Unfortunately, you are not allowed to view this text

Maryia Paklonskaya
Wialon Business Analyst

"The important thing is not to stop questioning" (c)
4

Password expiration - new feature request

Re: Password expiration - new feature request

Dear mapa,

thanks for the feedback, I'm glad to read the request, that hhamedk suggest some time ago, has been taken in consideration.

we all know that customer try to make their life easier, but I don't want to be the excuse.
so by providing the feature to set the password expiration or decide the complexity I force them to decide what to do, otherwise the argument is: 'wialon doesn't request any password change'

thanks and best regards

5

Password expiration - new feature request

Re: Password expiration - new feature request

edozio thank you for your explanation! As I have mentioned before - the your request has been added to the issues tracking system. Once there are any updates - I will notify you additionally

Maryia Paklonskaya
Wialon Business Analyst

"The important thing is not to stop questioning" (c)