Administrators should have an easy way to force users to change passwords in bulk format in emergencies.
Has this been discussed as a possible feature?
Are there drawbacks to having a mass password reset force in administration?
Would setting password expiration to 1 (day) expire all passwords in 24 hours? Is there a way this can be immediately enforced on all users without manually manipulating the database?
This is a result of the security vulnerability notification of 8.5.2013. Customers desire a way to force all users to change passwords. This specific case prompted by a Confluence instance backed by crowd. Setting the requiresPasswordChange field to true in the database for all confluence directory users does not prompt Confluence users to change their password on login. It shows failed authentication error.