amtgard / ORK3

Version 3 of the Online Record Keeper

Add "Password Expired" message to logins with expired credentials. #190

Closed Glenalth closed 3 years ago

Glenalth commented 6 years ago

This should cut down on the number of "why doesn't my password work anymore" support requests.


Password Expired Link: Reset Password


esdraelon commented 5 years ago

I'm not sure this is possible, per se. There is an expiration date in the user record, but it is not precise - it is purposely wrong by up to a few months in either direction.

The credentialing system itself is double-blind. There is no way to know from inspecting the user record if a password has actually expired vs. wrong password provided. The entire user record is encrypted heavily and then compared to the entire database of encrypted user authorization records. A hit in the "credentials tanks" results in authentication.

Glenalth commented 5 years ago

Maybe an update to the login failed text would help alleviate support requests. Right now all the information given is: "link:I forgot my password. Login and username could not be found. Local Authorization Attempt:"

Perhaps this instead? "Login unsuccessful link:Reset forgotten or expired password"

It doesn't state that it's expired, but people will at least understand that passwords can expire and maybe try resetting it themselves.
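A minimal model of the behaviour discussed in this thread, as an added example that is not ORK3's code: a lookup that only knows "hit" or "miss" cannot tell an expired credential from a wrong password or an unknown user, so every miss gets one generic message that mentions expiry. The token derivation, the expiry buckets, the key, the accounts and all names here are hypothetical assumptions.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # assumption: server-side secret, constructed value
FAILURE_TEXT = "Login unsuccessful. Reset forgotten or expired password."

def derive_token(username, password):
    """Opaque token for one username/password pair (PBKDF2, then keyed HMAC)."""
    salt = hashlib.sha256(username.lower().encode()).digest()
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.new(SERVER_KEY, stretched, hashlib.sha256).digest()

class CredentialTank:
    """Bare tokens grouped by expiry period; nothing links a token to a user."""
    def __init__(self):
        self._buckets = {}  # expiry period -> set of tokens

    def enroll(self, username, password, expires_period):
        token = derive_token(username, password)
        self._buckets.setdefault(expires_period, set()).add(token)

    def purge(self, current_period):
        """Drop every bucket whose expiry period has passed."""
        for period in [p for p in self._buckets if p < current_period]:
            del self._buckets[period]

    def contains(self, token):
        # Compare against every stored token, without an early exit.
        hit = False
        for bucket in self._buckets.values():
            for stored in bucket:
                hit |= hmac.compare_digest(stored, token)
        return hit

def login(tank, username, password):
    """Return (authenticated, message); every kind of miss gets the same text."""
    if tank.contains(derive_token(username, password)):
        return True, "Login successful"
    return False, FAILURE_TEXT

def demo():
    tank = CredentialTank()
    tank.enroll("alice", "correct horse", expires_period=10)  # constructed accounts
    tank.enroll("bob", "battery staple", expires_period=20)
    tank.purge(current_period=15)  # alice's credential has now expired
    return [login(tank, "alice", "correct horse"),  # expired
            login(tank, "bob", "wrong password"),   # wrong password
            login(tank, "carol", "anything"),       # unknown user
            login(tank, "bob", "battery staple")]   # still valid
```

The first three results of `demo()` are identical, which is also what keeps the login form from revealing which usernames exist.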