Вы не вошли. Пожалуйста, войдите или зарегистрируйтесь.
hello,
in order to improve the security and better protect the access to the application it will be nice to have the possibilty to set a password expiration time.
in this way users can be forced to change the password cyclically.
thanks and regards
Hi edozio
Would you please take look at https://forum.gurtam.com/viewtopic.php?id=15703. There I have requested some features and your request seems very similar and you may write your request there and this way GT will be informed about requests of same type easier.
Dear edozio, hhamedk
Thank you for your request! We have received multiple requests in order to improve security of the Wialon Hosting.
At the moment there are some concerns I have regarding forcing users to change their passwords after a period of time:
1. After password expiration, people tend to set simpler passwords to the apps so that they do not forget it.
2. After password expiration, people tend not to change the full password but only last digit(-s) of the password so that they do not forget it.
3. People tend to re-use passwords and we would need to store them so that they are not repeated...
All that factors affect the security and that passwords are easily guessed by hackers. To sum up - changing passwords every 90(60/30) days gives you the illusion of stronger security.
Even Microsoft changed their guidance on password expiration policies. On May 23, 2019, they released a blog post explaining their decisions. https://docs.microsoft.com/en-us/archiv … rver-v1903
What will we do to improve security?
At the moment I think that users and access management, sessions management, multi-factor authentication, creating more complex passwords should be the main targets in our security strategy.
I have added your request to the ticket of the security improvement in our issues management system, we will contact you once there are any updates in the security sphere.
Please let me know if there are any other questions.
Dear mapa,
thanks for the feedback, I'm glad to read the request, that hhamedk suggest some time ago, has been taken in consideration.
we all know that customer try to make their life easier, but I don't want to be the excuse.
so by providing the feature to set the password expiration or decide the complexity I force them to decide what to do, otherwise the argument is: 'wialon doesn't request any password change'
thanks and best regards
edozio thank you for your explanation! As I have mentioned before - the your request has been added to the issues tracking system. Once there are any updates - I will notify you additionally
