Option to force users to to change their password
Would like the option to foruce users to change their password every 90 days or less. This suggestion came from an audit recommendation from the NYS Comptroller's Office.

-
Gerry Seneski commented
Password complexity also creates an administrative nightmare. This only encourages employees to post their passwords by way of cheat sheets on their desk or bulletin boards.
-
Gerry Seneski commented
Only if optional. Changing passwords every 90 days only leads to employees asking to have their passwords reset because they do not remember which iteration of their password they are in. At least for my organization (150 +/- Edmunds users) we are much too small to have the need to do this or to have the resources to manage this. A larger organization might have this interest.
-
Chris commented
I would also like to see more controls to be able to set password complexity requirements, including making passwords case-sensitive.