How can we help you today?

Start a new topic
Not Taken

User Passwords - Auto-change after 90 days

Dear Support,

 

Please can I request functionality for user passwords to be changed after 90 days.

 

Best Wishes

Chris

1 Comment

Hi,


This is a common feature for a few PMS systems which I gather is based on a belief that it would take 90 days for the average computer to crack the average password.


ResDiary would of course to be do everything possible to improve the level of security in your business, but this function isn't a direction we are going to take, as with modern technology on the cloud, it is possible for average passwords to be cracked within seconds.


The secondary issue for us if we were to implement this would be that frequent password changes would be liable to increase support issue where users will forget passwords and lock themselves out of their account. They could still use the email password reset function with Captcha but in a busy restaurant environment this isn't always practical.


If interested on further viewpoints on this subject, please see the article below from the UK national cyber security centre which advises against auto-password expiration and have provided some guidelines for a more modern approach on improving password security;


https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach


What we can help with is to restrict IP address access which will restrict the access to ResDiary from other computers not on site.


If this would be suitable, you need only send a list of IP addresses to support@resdiary.com and ask that only these should be able to access ResDiary.


Kind regards,


Ewan


Login or Signup to post a comment