Kentik Portal gets more secure: password rotation
As hinted in one of our last updates about password complexity constraints, starting on June 1st, 2023 users relying on plain password authentication will be required to rotate their password at regular intervals.
Between tomorrow (May 9th, 2023) and June 1st, 2023, users whose preferred login method is currently plain password authentication will see this warning appear upon login, which will not show again once discarded.
This will only apply to password-authenticated users - the following authentication methods will not be impacted:
- SSO users
- 2Factor Users (TOTP or Yubikey)
Kentik recommends using these preferred, stronger authentication methods.
However, companies will still be allowed to change this setting via the Settings > Access & Security > Authentication & SSO screen if they so desire.
In this config screen, SuperAdmins will be allowed to:
- Select a different frequency between 90, 120, 180 and 365 days
- Completely disable password expiration (not advised)
As asked by our users, password reset will prevent users from re-using any of the five previous values.