Closed Glenalth closed 3 years ago
I'm not sure this is possible, per se. There is an expiration date in the user record, but it is not precise - it is purposely wrong by up to a few months in either direction.
The credentialing system itself is double-blind. There is no way to know from inspecting the user record if a password has actually expired vs. wrong password provided. The entire user record is encrypted heavily and then compared to the entire database of encrypted user authorization records. A hit in the "credentials tanks" results in authentication.
Maybe an update to the login failed text would help alleviate support requests. Right now all the information given is: "link:I forgot my password. Login and username could not be found. Local Authorization Attempt:"
Perhaps this instead? "Login unsuccessful link:Reset forgotten or expired password"
It doesn't state that it's expired, but people will at least understand that passwords can expire and maybe try resetting it themselves.
This should cut down on the number of "why doesn't my password work anymore" support requests.
Password Expired Link: Reset Password