[CONFSERVER-98153] Password aging, expiry, and rotation for improved password management

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: Server - Platform
Labels:

UIS:
0
Support reference count:
23
Feedback Policy:

We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Problem

Modern companies require advanced password management features, part of this was shipped in Confluence 9.1 with a password strength management policy.

However, advanced password management functionality can also include Password aging and expiry (although according to NIST SP 800-63B this is not currently a recommendation).

Solution

Implement password expiry periods to enforce rotation.

incorporates

CONFSERVER-8328 Ability to enforce password requirements

Closed

is cloned from

CONFSERVER-11496 Advanced password management

Closed

is duplicated by

CONFSERVER-7845 Allow for password change enforcement

Closed

CONFSERVER-30236 Force password reset for all users

Closed

is related to

CONFSERVER-2146 Encrypt all passwords stored on the file system

Closed

CONFSERVER-27986 Create Way to Enforce Password Complexity Requirement

Closed

CONFSERVER-57946 Encrypt all passwords stored on the file system

Closed

relates to

CONFSERVER-7440 kerberos authentication support in Confluence for LDAP

Closed

JRASERVER-21358 Password strength measurement and restriction

Closed

CONFCLOUD-11496 Advanced password management

Gathering Interest

CONFSERVER-5411 Transfer Actions from one user to another

Gathering Interest

JRASERVER-2740 Rules Governing Passwords - Password Policy

Not Being Considered

JRADEV-21005 Loading...

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Wiki Page Loading...; Page Loading...; Page Loading...

Wiki Page: Wiki Page Loading...; Wiki Page Loading...

(2 is related to, 6 relates to, 20 mentioned in, 2 Wiki Page)

Form Name

Jeremy R made changes - 06/Dec/2024 8:22 PM

Labels	Original: admin admin-console affects-server dmb-legacy-jac-none no-cvss-required not-80 security shouldBePrivate	New: admin admin-console affects-server dmb-legacy-jac-none no-cvss-required not-80 security
Security	Original: Reporter and Atlassian Staff [ 10751 ]

Zaro made changes - 02/Dec/2024 1:57 PM

Labels	Original: admin admin-console affects-server dmb-legacy-jac-none no-cvss-required not-80 security	New: admin admin-console affects-server dmb-legacy-jac-none no-cvss-required not-80 security shouldBePrivate
Security		New: Reporter and Atlassian Staff [ 10751 ]

SET Analytics Bot made changes - 05/Oct/2024 2:07 AM

UIS

Original: 46

New: 0

Michael Andreacchio made changes - 04/Oct/2024 5:49 AM

Summary

Original: Password aging and expiry for improved password management

New: Password aging, expiry, and rotation for improved password management

Michael Andreacchio made changes - 04/Oct/2024 5:44 AM

Summary

Original: Password expiry within password management

New: Password aging and expiry for improved password management

Michael Andreacchio made changes - 04/Oct/2024 5:43 AM

Description

Original: {panel:bgColor=#e7f4fa}
  *NOTE:* This suggestion is for *Confluence Server*. Using *Confluence Cloud*? [See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-11496].
  {panel}

Modern companies require advanced password management. This includes:

- Password aging: Automatically invalidating a password after a certain period of time,
- Password strength check: Making sure that the passwords that are used are strong
  (an example can be found here: http://passwordstrength.net/)

Two features that are getting more common every day.

New: h2. *Problem*

Modern companies require advanced password management features, part of this was shipped in Confluence 9.1 with a [password strength management policy|https://confluence.atlassian.com/doc/manage-password-strength-1442846691.html].

However, advanced password management functionality can also include Password aging and expiry ([although according to NIST SP 800-63B this is not currently a recommendation|https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers]).
h2. *Solution*

Implement password expiry periods to enforce rotation.

Michael Andreacchio made changes - 04/Oct/2024 5:33 AM

Remote Link

New: This issue links to "JRADEV-21005 (JDOG - JIRA Team Dogfood)" [ 952822 ]

Michael Andreacchio made changes - 04/Oct/2024 5:33 AM

Remote Link

New: This issue links to "Page (Pug - Confluence Dogfood)" [ 952821 ]

Michael Andreacchio made changes - 04/Oct/2024 5:33 AM

Remote Link

New: This issue links to "Page (Pug - Confluence Dogfood)" [ 952820 ]

Michael Andreacchio made changes - 04/Oct/2024 5:33 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 952819 ]

Assignee:: Unassigned

Reporter:: Erik Erik

Votes:: 2 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 04/Oct/2024 5:33 AM

Updated:: 26/Feb/2025 10:24 AM

Details

Description

Problem

Solution

Attachments

Issue Links

Forms

Activity

People

Dates