Idea ID: 2872855

Score based dynamic password policies - expiry greater than 365 days

issaqua issaqua
Status : New Idea

Hi guys,

We're seeing customers move to score (entropy/complexity) triggered password policies.  This provides improvements to the user experience (I can choose the complexity that works for me), reduces helpdesk calls (top complexity passwords never expire) and security (entropy/complexity score can be consumed by access management for auto step-up authentication).

The challenge is for when the policy sets "no expiry" - often customers use the expiry field to check that they're a valid/safe identity.  To work around this we'd like to make the maximum expiry time configurable (i.e. greater than 365 days).