7 Replies Latest reply on Jan 2, 2012 9:10 AM by taylorsharpe

    Auto reminders to change password

    rsagall

      I would like to set up a system to automatically remind users that they must change their password. The reminder message three months from the date of their last password change. I would also like to require a new password be required.

       

      Any help would be appreciated.

       

      Rich

        • 1. Re: Auto reminders to change password
          Stephen Huston

          Hi Rich,

           

          FileMaker handles this through the Manage Security settings for the Privilege Set of the user.

           

          password.png

           

          You can set how often they must change it and how long it must be. FileMaker will enforce that it not be the same as the existing password.

           

          FileMaker does not currently enforce anything about alpha-numeric or upper-ASCI contents of passwords, and will also let users reuse an old password as long as it is not the one from which it is currently being changed. So a user could keep switching back and forth between two qualifying passwords over time.

           

          Also keep in mind that in any multi-file system, the built-in Password change by the user is usually the wrong system to employ because users will have to accurately replicate that change in each-and-every file in the system, which becomes quite problematic. This option is reliable in single-file systems, but some other fully-scripted approach needs to be implemented to change passwords across a multi-file system, and FileMaker's Security settings are not the way to do that. Scripted systems then have the problem of needing a table of records for users to track password change dates, which must be checked as users log in to see if it's time for a change.

           

          External Authentication may provide more tools for managing this type of password change enforcement.

           

          Stephen Huston

          • 2. Re: Auto reminders to change password
            rsagall

            I found everything you describe. The problem is that all the fields in the window above (except for "Extended Privileges" list" are greyed out. I have full privileges for the database.

             

            Rich

            • 3. Re: Auto reminders to change password
              Stephen Huston

              Hi Rich,

               

              Are these files being served, shared, or open only on your local computor with only you logged in? Files need to be open on your local computer, not served or shared to fully change file access in FileMaker Networking.

               

              Check FileMaker's Network/Sharing settings to see that nothing is set to stop the permission group in question from accessing the files.

               

              Be sure some form of access in enabled in Security > Extended Privileges for the group.

               

              After checking the "Allow user to modify their own password" is checked, the fields greyed out in my image should bcomee active if all of the other settings are correctly set.

               

              Let us know if it isn't available after all that. There is always something new to me (keeps it fun) that others may have encountered.

               

              Stephen Huston

              • 4. Re: Auto reminders to change password
                RayCologon

                rsagall wrote:

                I found everything you describe. The problem is that all the fields in the window above (except for "Extended Privileges" list" are greyed out. I have full privileges for the database.

                 

                Rich

                 

                Hi Rich,

                 

                Further to Stephen's comments, you can change the security settings for a privilege set (so long as you are logged in with a [Full Access] account) regardless of whether the file is served remotely or local to your computer. However you can't change the settings for the default privilege sets ([Full Access], [Data Entry Only] and [Read-Only Access]), only for additional custom privilege sets you've created.

                 

                If you open the Edit Privilege Set dialog for any of the default privilege sets, all the settings except for the Extended Privileges area at the lower left will be grayed out and inaccessible. Since that's what you've reported seeing, I assume you've opened the settings for one of the default privilege sets (probably the [Full Access] privilege set, I'm guessing?...).

                 

                That being the case, you'd need to open a different privilege set (a custom one created in the file) or create a new one in order to be able to access the "Allow user to modify their own password" setting. And, of course, the settings you select will then apply only to accounts that are associated with that privilege set.

                 

                Regards,

                Ray

                ------------------------------------------------

                R J Cologon, Ph.D.

                FileMaker Certified Developer

                Author, FileMaker Pro 10 Bible

                NightWing Enterprises, Melbourne, Australia

                http://www.nightwingenterprises.com

                ------------------------------------------------

                • 5. Re: Auto reminders to change password
                  LyndsayHowarth

                  And, of course, you can duplicate a default privilege set so you don't have to set one up from scratch.

                  - Lyndsay

                  • 6. Re: Auto reminders to change password
                    RayCologon

                    Lyndsay Howarth wrote:

                    And, of course, you can duplicate a default privilege set so you don't have to set one up from scratch.

                    - Lyndsay

                     

                    Hi Lyndsay,

                     

                    Yes, that's true of the [Data Entry Only] and [Read-Only Access] privilege sets - but for clarity it might be worth mentioning that the [Full Access] privilege set can't be duplicated (when it's selected, the "Duplicate" button is dimmed).

                     

                    The reason for this, of course, is that [Full Access] confers privileges (such as the ability to edit schema) that can't be defined in a custom privilege set.

                     

                    Regards,

                    Ray

                    ------------------------------------------------

                    R J Cologon, Ph.D.

                    FileMaker Certified Developer

                    Author, FileMaker Pro 10 Bible

                    NightWing Enterprises, Melbourne, Australia

                    http://www.nightwingenterprises.com

                    ------------------------------------------------

                    • 7. Re: Auto reminders to change password
                      taylorsharpe

                      I know Stephen Huston already mentioned this, but I encourage you to look at External Authentication with Active Directory (AD) or Open Directory (OD) for several reasons.  The number 1 reason is that these tools specializing in managing passwords including reminders and extensive password rules.  Second, if you AD or OD, then other services can use them and make it a single point of password management.  In other words, your LAN access, your email, your FTP, FileMaker or whatever services using that AD or OD are all managed with the same User ID and password.  But lastly, the most selfish reason I like to set up AD or OD is because it means that FileMaker is no longer handling User ID's and passwords.  This means as FileMaker admin, I don't have to reset passwords and that duty is handled by the Help Desk managing the AD or OD.

                       

                      Regarding the advanced reminders, here is how you set them up in Active Directory:  http://www.intelliadmin.com/index.php/2006/12/how-to-change-the-password-reminder/

                       

                      FYI, AD is Microsoft's implementation of password management and OD is Apple's tool.  I'm personally a big Apple fan, but AD works great too and I find it used in most enterprise business solutions and OD is fairly rare.