Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Sebastian Dammark 498 posts 1140 karma points
    May 14, 2019 @ 09:17
    Sebastian Dammark
    0

    Member password renewal

    I have a client who has a lot of members that needs to renew their password every 2 weeks.

    They want to notify the member 4 days before expiration.

    And if not updated before expiration the member should be disabled and notified.

    Any ideas how to obtain this ?

  • Richard Soeteman 3574 posts 10776 karma points MVP
    May 14, 2019 @ 10:37
    Richard Soeteman
    0

    Sounds like a fun project, don't knowif it work with people going on holiday for three weeks ;-)

    But I would (I think):

    • Create a custom table that can store at least the member id, hashed password and expiration date.
    • When a member is saved check password with the custom table. When that is changed update the expiration date and hashed password.
    • Create a scheduled task that polls the custom tables and either send an email 4 days before expiration, or disable and notify the member.

    Hope this helps,

    Richard

  • Sebastiaan Janssen 4815 posts 14087 karma points MVP admin hq
    May 14, 2019 @ 12:20
    Sebastiaan Janssen
    0

    I hate to be that guy, but make sure to read up on this requirement, you can advise them that this actually LOWERS security instead of increasing it.

    If they want to be more secure:

    • Run everything on https
    • Enforce long passwords (at least 12 characters)
    • Invest in a password manager that can create a random, unique password for them
    • Investigate investing in 2 factor authentication

    Here's an excellent article with great advise: https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/

Please Sign in or register to post replies

Write your reply to:

Draft