Thursday, July 11, 2013

How to enable Liferay password expiration

Related Liferay Password Policy topics:
  - Setting password syntax in Liferay
  - Enable Liferay password expiration
  - Enable Liferay password lockout
  - Assign members to a password policy

Password expiration is a security consideration to force a user to change his/her password for a pre-defined duration.
eg, if the password expiration is 1 year, a user registered on 1st Jan 2013 must change his/her password on 1st Jan 2014.

The password expiration policy is built-in in Liferay but disabled by default.
From security perspective, a production Liferay portal should enable the built-in password expiration.
and below are the steps.

Steps to enable Liferay password expiration:

1. Login as Administrator

2. Navigate to Liferay Password Policies
Go to > Control Panel > Portal > Password Policies
Liferay Password Policies

3. Click on Default Password Policy

4. Setting password expiration
    a) Scroll down to the Password Expiration section
    b) check the Expiration enabled checkbox
    c) set Maximum Age
    d) set Warning Time
    e) set Grace Limit
Liferay Password Expiration

5. Click Save.


No comments:

Post a Comment


Related Posts Plugin for WordPress, Blogger...