I am reading the documentation on how to edit the "Password policy" in confluence.
In the text it says that, after making changes to the policy i can manually do a "reset all passwords now".
But what happens if i do not do a "reset", when will the user be affected by the change?
When they change their password next time ?
If we have the password expire setting set to never, and the users that have the "keep me logged in function" active, then they would never be promoted to renew there password again, even if we changed the expiration-date to a number of days?
So, after you change your policy you will need to click on 'Reset All Passwords Now' to ensure that users will be prompted to change their passwords on the next login and get the policy applied. If you don't hit the button, they will only get the policy applied to their accounts after they manually attempt to change their password upon their will.
For the users who chosen the Keep me logged in option on the site login screen, they'll be forced to update their password after their login period expires (every 30 days) when there are policy changes, even though you have the setup of never expiring passwords.
It is also worth to check security plugins at the Marketplace in case you intend to go further in terms of security, which is always good.
Have a good one!
Hi Community! I’m Elaine, Confluence Product Manager. You may have read my earlier post about page tree in space navigation sidebar. I'm excited to share another improvement that helps you organize ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs