Password expiry policy

Another new feature available as of Smartsite 7.10 is the Password expiry policy.

When this feature is enabled, users (and/or visitors) must change their password regularly.
Also, the User library will display additional information regarding password expiry.

Password expiry is only applicable when Smartsite security is being used (the Smartsite Sql membership provider must be configured as the default membership provider).

Enable password expiry policy

You can enable this feature (for Users and/or Visitors separately) using the Configuration Editor.
Here, you can also specify the number of days a password must remain valid after it has been changed the last time.

When enabling the password expiry policy for the first time, it is likely that for a large number of users (and/or visitors) the password will be considered to be expired right away, because the last time they have changed their password is probably longer ago then the number of days you specify as the password expiration period.

To circumvent this situation, enable the option Reset password expiry and specify the number of days their passwords should remain valid, starting today.

Email notifications

The Smartsite Manager has a built-in background task, which checks for which users and/or visitors the password is about to be expire. 14 Days in advance, an email notification will be send to the user or visitor. Of course, this will only be possible if there's an email address available for that user or visitor.

If the user or visitor hasn't changed their password in the next 7 days, a second email notification will be send.
Furthermore, the Smartsite 7 manager will display a warning message when the password is about to expire (within 14 days or less).

The Smartsite Manager uses a built-in template for the email. However, you can override this email template by creating the localized strings PASSWORD_WILL_EXPIRE_EMAIL_BODY and PASSWORD_WILL_EXPIRE_EMAIL_SUBJECT.

Within the template for the email body you can use the following placeholders:

  • {username}
    The user's name (loginname).
  • {fullname}
    The user's full name.
  • {sitename}
    The site name.
  • {siteurl}
    The url to the site.
  • {managerurl}
    The url to the manager.
  • {expirationperiod}
    The expiration period (number of days).

The built-in template is shown below.

XML CopyCode image Copy Code
<p>Het wachtwoord voor uw account <em>{username}</em> betreffende de site {sitename} verloopt over {expirationperiod} dagen.</p>
<p>Bezoek de <a href="{siteurl}">site</a> of open de <a href="{managerurl}">manager</a> en wijzig uw wachtwoord.</p>
<p>Het account wordt geblokkeerd als het wachtwoord niet binnen deze periode gewijzigd wordt.</p>

Within the subject, only the {sitename} placeholder is available.