Add ability to define password expiry policy
tsteur opened this issue · comments
From https://sprinto.com/blog/nist-password-guidelines
NIST (National Institute of Standards and Technology) has a smart recommendation for businesses regarding password expiration and resets. Instead of forcing users to change their passwords frequently, they suggest doing it under two specific conditions.
A password reset should happen when there’s clear evidence of a security breach or a known compromise.
Consider resetting passwords every 365 days, which is roughly once a year. The goal isn’t to hassle users; it’s to nudge them toward creating longer, more complex passwords.
Matomo should allow a super user to define a password expiry policy after how many days a password reset is required for all users.
refs #13070