Welcome to the #dominoforever Product Ideas Lab! The place where you can submit product ideas and enhancement requests. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated jointly by the IBM & HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are implemented and when.

For more information and upcoming events around #dominoforever, please visit our Destination Domino page.

Internet Password Security - Aggregating all current ideas into this post

At the time of this post there are multiple posts that are requesting specific enhancements around Internet Users and Password Security / Policies.  Individually these are getting votes as individual ideas.  It is time to consolidate these individual requests into a single item where the votes can be aggregated to bring this to IBM's attention.  IBM can then look at the overlapping requirements and determine a holistic and robust approach to this increasingly important area that Domino is lacking.

The current posts I could find are:

- Add Password Management capabilities (Expiration) for iNotes/internet users who do not utilize notes clients.
- Password Security / Policy for Internet MUST track history for specified reuse
- Custom Internet Password Policy Enforcement
- Check last 3 password during iNotes/Webmail password change or reset
- Need to customise the password expiration messaging

Suggestions within this post:

- Notification Password will Expire in 'x' Days:  This specific post was intended to address the fact that an Internet Only user cannot get a notification that their password is going to expire.  They ONLY get the Change Password Screen when their password has expired.  It seems odd that Domino can recognize an expired password once it has expired but cannot notify a browser user that it will expire in 'x' days.  This limitation has been confirmed by IBM Domino Support.

- Minimum Password Age:  Many secure systems do not let the user change the password multiple times a day.  This is seen as a security risk or an automated attack.

- Initial Setup Expiration:  When a new user is set up with an initial password they need to log in within 'x' days.  This is different than forcing a user to change their password every 'y' days.  Audit/Security wants to make sure new users make the initial login to validate they "got" the initial password.

- Notification of Password Change: This is being required by many systems as insurance that the "real" owner is notified of a password change in case their account gets hacked.

Can IBM please remove the second class status of Internet Password Security (as compared to Notes Client Password Security) and make the Password Security Policy Enforcement more encompassing to include all the items above and consider any items not included above and are in the Policy Settings document to see if they can be included (technically)?

Note:  Other users should add their needs for Internet Password Security as comments to this Post.  I will incorporate them into the main post.

  • Guest
  • Sep 24 2018
  • Guest commented
    October 2, 2018 16:20

    Not sure if you're also interested in user self-service password reset capabilities?