Whilst I don't expect this to necessarily be added into next quarter's stabilisation release, it would be nice if, at some point in the near future, there was a way of enforcing the following for support reps and contacts:

1) Password strength - Enforce a level of password strength when passwords are set or changed. This would be an administrative setting to be configured either against support reps and contacts respectively (not necessary?) or across the whole system (more likely).

2) Change password on next login - The ability to force anyone logging into the system to change their passwords when they next log in (similar to Active Directory).  This would enable a simple, rememberable password to be set initially by the Admins but, when coupled with the above, would ensure that unique, strong passwords were enforced when the user first/next logged in.

Both of these changes would only affect users when AD integration wasn't enabled (assuming that you 'fix' the problem with local caching of AD passwords which is a HUGE security breach IMHO) as Support Reps should not be able to change their passwords when AD integration is enabled.

Please bear in mind that a number of us use your system on externally facing sites which could, if someone tried, easily be hacked to allow access into the backend and possibly our corporate domains. The above two enhancements/fixes would go some way to reducing this risk.

