Force password reset 90 days after last change
Posted: 2019-05-08 05:14
For purposes of a security audit, I'm looking to implement a function to force a password reset for all users, 90 days after their last password change.
How exactly to achive that with minimum fuss and hopefully not requiring further tables/fields is the problem?
I'm thinking a cron script might do the job but that would reset everybody at the same time every 90 days regardless, rather than 90 days after their own last reset? That would probably do for my purposes but what to put in that cron script is also a problem?
Anybody possibly already implemented such a function or have any idea of the best way to go? Thanks.
How exactly to achive that with minimum fuss and hopefully not requiring further tables/fields is the problem?
I'm thinking a cron script might do the job but that would reset everybody at the same time every 90 days regardless, rather than 90 days after their own last reset? That would probably do for my purposes but what to put in that cron script is also a problem?
Anybody possibly already implemented such a function or have any idea of the best way to go? Thanks.