Automatically re-hash user's passwords upon login

[jimleroyer]

Description

As a user of GCNotify, I do not want to have a forced reset password due to rehashing requirements, But would prefer it to be automatically done on my next login in a transparent manner.

As a support operator, I want the users to have their passwords rehashed automatically, So that I have as less support tickets as possible.

WHY are we building?

Offer a better user experience on password rehash; reduce support tickets.

WHAT are we building?

1. Rehash all users passwords automatically on a login, set on a cutoff period.
2. Enforce a password reset after 90 days of the cutoff period for users who didn't login yet.

VALUE created by our solution

• Better UX; better support.
• Users are not bothered
• Increase of trust in Notify

Acceptance Criteria

Rehash all users passwords automatically on a login, set on the cutoff period.

• [ ] Report on last users password forced reset, to see how many users who didn't reset since the last one.
• [ ] Report on users categories on last users login.
• [ ] We have a dashboard or query showing how many passwords are still using the old SALT
• [ ] Decide on a cutoff period of when to rehash the user's passwords.
• [ ] Make the salt variable into an array of salts. The ordering should replicate the same as the secret key.
• [ ] On login, a check should verify the cutoff period and re-hash if older.
• [ ] Bug bash ran with the organization, the GCNotify team + external teams.
• [ ] (new card) Enforce a password reset after 90 days of the cutoff period for users who didn't login yet and remove the older salt. We have a script to expire any passwords that have not been switched
• [ ] We can rotate the DANGEROUS_SALT without needing to expire passwords
• [ ] When users log in their passwords are automatically rehashed with the new SALT if needed

QA Steps

• [ ] Tested locally with scenarios.
• [ ] Tested in staging with scenarios.
• [ ] Tested in a bug bash with people's random scenarios.

Scenarios

1. Use an account to login who didn't login since the cutoff period.
2. Use an account to login who did login since the cutoff period.
3. Lock out account who didn't login since the cutoff period with multiple non-successful login tries.

[jimleroyer]

Number of users with password reset vs non-reset: