Add ability to define password expiry policy #22197

Open
tsteur opened this issue May 8, 2024 · 0 comments
Labels
c: Security (For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.)
Enhancement (For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.)

Comments

@tsteur
Member

tsteur commented May 8, 2024

From https://sprinto.com/blog/nist-password-guidelines

NIST (National Institute of Standards and Technology) has a smart recommendation for businesses regarding password expiration and resets. Instead of forcing users to change their passwords frequently, they suggest doing it under two specific conditions.
A password reset should happen when there’s clear evidence of a security breach or a known compromise.
Consider resetting passwords every 365 days, which is roughly once a year. The goal isn’t to hassle users; it’s to nudge them toward creating longer, more complex passwords.

Matomo should allow a super user to define a password expiry policy after how many days a password reset is required for all users.

refs #13070

@tsteur tsteur added Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. To Triage An issue awaiting triage by a Matomo core team member labels May 8, 2024
@michalkleiner michalkleiner removed the To Triage An issue awaiting triage by a Matomo core team member label May 8, 2024
@michalkleiner michalkleiner added this to the For Prioritization milestone May 8, 2024
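
One way the requested check could be evaluated, as an added example that is not Matomo code and not part of the original issue. It combines the two conditions from the quoted guidance (known compromise, maximum age in days); the function name, parameters, return strings and sample accounts are hypothetical, and it assumes PHP 7.4 or later.

```php
<?php
declare(strict_types=1);

// Added illustration, not Matomo code. Function name, parameters and
// return strings are hypothetical.

/**
 * Decide whether a user must reset their password.
 * $maxAgeDays is the super-user setting; 0 disables age-based expiry.
 */
function passwordResetReason(
    ?DateTimeImmutable $changedAt,
    bool $knownCompromised,
    int $maxAgeDays,
    DateTimeImmutable $now
): string {
    if ($maxAgeDays < 0) {
        throw new InvalidArgumentException('maxAgeDays must be >= 0');
    }
    // Evidence of compromise forces a reset regardless of the age policy.
    if ($knownCompromised) {
        return 'compromised';
    }
    if ($maxAgeDays === 0) {
        return 'none';
    }
    // Accounts with no recorded change time fail closed: their age is unknown.
    if ($changedAt === null) {
        return 'unknown_age';
    }
    // Compare absolute timestamps so server time zone and DST cannot shift the deadline.
    $deadline = $changedAt->getTimestamp() + $maxAgeDays * 86400;
    return $now->getTimestamp() >= $deadline ? 'expired' : 'none';
}

// Constructed sample accounts: [password last changed, known compromised].
$now = new DateTimeImmutable('2024-05-08T00:00:00Z');
$accounts = [
    'alice' => [new DateTimeImmutable('2023-05-01T00:00:00Z'), false],
    'bob'   => [new DateTimeImmutable('2024-01-15T00:00:00Z'), false],
    'carol' => [new DateTimeImmutable('2024-04-30T00:00:00Z'), true],
    'dave'  => [null, false],
];
foreach ($accounts as $login => [$changedAt, $compromised]) {
    printf("%-6s %s\n", $login, passwordResetReason($changedAt, $compromised, 365, $now));
}
```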