Clients; Web Passwords; "Expiry Days" and "History Length" options are now supported

User Passwords have always had the concept of Expiry Days and History Length defined on User Policies, which add extra security to User Passwords. This same concept has been added for Clients for use in Portals, for example.

Instead of User Policies, these options are configured in:

Global Settings, Clients, Web Access:

• Expiry Days
• This sets an expiry date for a Clients Web Password. If the configured number of days passes, the Client will be forced to update their password the next time they attempt log in.
• History Length
• This forces Clients to use new passwords. The number configured here means that the Client cannot reuse their last X passwords.
• Note that the Clients' current password is also counted in the password history. This means that attempting to set a new password which matches the current will return an error to suggest a password cannot be re-used.

By default these values are set to 0, which means they are not being used. When set, these settings will be applied to all Clients which have Web Access.

Similar to Users, Web Password History can be cleared from the Clients form, Web Access, Clear History button. When clicked, the Client's Web Password History is cleared and a Client Web Password History Cleared Audit Log is written to record this action.

Note: During the database upgrade to version 4.1, any existing Clients which already have a Web Password set will have that password added to their password history, and Expiry Days will be applied from the date the database upgrade occurred.

For example, if Expiry Days was set to 365, and the database upgrade occurred on 1/10/2024 then any existing Clients which have a Web Password set will be required to change it on 1/10/2025.