Project

General

Profile

Actions
Copy link

Feature #65

open
DL DL

Update User Login and User Management Procedure.

Feature #65: Update User Login and User Management Procedure.

Added by David Leedom 2 months ago. Updated 28 days ago.

Status:
Pending Approval
Priority:
Normal
Assignee:
David Leedom
Start date:
01/01/2026
Due date:
04/30/2026 (48 days late)
% Done:

100%

Estimated time:
SOC2 Control Reference:
Risk Level:
Evidence Attached:
Compliance Due Date:
05/08/2026

Description

This update will do a number of things:

  • Save all passwords as a Hash with Argon2id.
  • Setup a Forgot Password Email exchange
  • Setup a password soft blocking system so wrong passwords will slow down the login process
  • Added password requirements
    • !6 Characters
    • Checking Bad Password Database
    • Checking single character or dual character passwords
    • Checking if password is related to use name.
  • Added ability for the user to change their password while logged in.
  • Added email notification to user every time a password is changed.
  • Added Lockout Flag to user record.
  • Removed Password lookup from user screen.
  • Added ability for admin use to change a password.
  • Added Force Password Change to User Screen.
  • Added ability to Force all users to log off at one time. Optionally to lockout all users from logging back in.
  • Added the ability to force all users to change their passwords.
  • Added the ability to send single message to individual users.
  • Added the ability to edit email messages being sent to users so we can adjust them without software changes.

..... More to be added.

DL Updated by David Leedom 2 months ago · Edited Actions
Copy link
 #1

Adding changes based on review with Maria:

  • Moving this message: "If an account exists for this email address, you’ll receive a reset link shortly." To also appear after the email is sent.
  • Add Pass Phrase message not related words.
  • Develop an entire pass phrase help page.
  • Change Force Pass to Force Password.
  • Inform users with an email when they login and they are locked out.
  • Develop a simple system to prevent logins with a message.
  • password_required_change needs to get the tips.
  • Center logo over the page.
  • Add IP Number filter on login.

DL Updated by David Leedom 28 days ago Actions
Copy link
 #2

  • Status changed from New to In Progress

DL Updated by David Leedom 28 days ago Actions
Copy link
 #3

  • Status changed from In Progress to Pending Approval
  • % Done changed from 90 to 100
Actions
Copy link

Also available in: PDF Atom