Q1. What is the problem that you are trying to solve?
Coming from the world of KeePass-like password managers, I am used to having passwords expire, where my password manager will force me (the user) to change the password. This goes beyond what is requested in “As a logged in user I should know if a password is about to expire and should be changed”.
As a security officer I want the password manager, rather than any other application, to dictate whether passwords expire or not. On top of this I want to be able to expire passwords within a group when members of that group leave my organization.
Q2 - Who is impacted?
Any security officer and user who puts his privacy before convenience (and therefore uses a password manager) as well as all users of applications that do not enforce password expiry.
Q3 - Why is it important and/or urgent?
This is a very common way to enforce password hygiene as well as a very logical and straightforward step to ensure confidentiality of my application stack. Assuming a group of users has access to all kinds of applications and 1 user leaves (group or org), the need for resetting passwords, or enforcing thereof, is a basic security requirement.
Q4 - What is your proposed solution? (optional)
Add an optional “Expires on” or “expires after n days” field, which will trigger a change password flow within PassBolt:
The password can be used to log in to the application the password belongs to, the user then changes the password, and the changed password gets saved into PassBolt by the user. If the user does not change the password within an ‘x’ amount of time, the password gets removed from PassBolt.
Admin edit: added poll below.