Password Expiration
User passwords can be set to expire on a specific date or after a set amount of time, as of NiagaraAX-3.7. It is important to ensure that passwords are not valid indefinitely. If an expiring password is acquired by an attacker, it is only useful until it expires or is changed. Password expiration must be configured in both Password Configuration property sheet and on individual user properties.
To set Expiring Passwords
Password Configuration Property Sheet
- Navigate to UserService's property sheet
- Expand the "Password Configuration" property
- Configuration:
- Expiration Interval (duration of password validity, 90 days is recommended)
- Warning Period (how far in advance a user is notified to change their password, 15 days is recommended)
Password Expiration: Edit Users Dialog
In addition to setting password expiration in Password Configuration, Password Expiration must be enabled for each user.
- Navigate to the User Manager view in the UserService: Station > Config > Services > UserService
- In User Manager, select users and click the Edit button, which will open the Edit Users Dialog
- For Password Expiration, select Expires On and set the date to at least 15 days into the future
When the user changes their password, the new password will expire according to the interval set in the UserService.