Enable password expiration
severity-high
cms-settingskey-password-expiration-enabled
Summary
Important Security Note: If your site has custom authorization configured this check may not be applicable.
Having Password Expirations turned on helps keep your site secure by requiring users to reset their password periodically. This keeps old and possibly compromised passwords from persisting and creating security issues on your site. The Enable Password Expiration setting is the base setting for all other password expiration settings and must be enabled for those to take effect.
Resolution
To determine whether your site's Password Policy is turned on you can navigate to the Settings Application and then find the Security & Membership > Passwords settings.
From there you will want to find the Password Expiration section and verify whether the Enable Password Expiration checkbox is checked. We recommend that Enable Password Expiration be turned on.
MVC Sites
This setting is only applicable to MVC live sites that have the MVC live site configured via code to respect the setting values. For more information on this please reach out to the Toolkit For Kentico team.
Not sure what to do?
If you are ever unsure about making changes to your site, we encourage you to reach out to your
Kentico Xperience Gold Partner. If you do not have a partner,
then feel free
contact the Constant Care For Kentico team to get connected
with an expert.