Can i enforce user to reset password for once in a certain time period

Hi,
I am new to discourse, i was looking for a way by which i can enforce the users to reset their password once in certain time period, say once in 30 days, so that those people who don’t have access to their official mail address shouldn’t be able to access my forum as it is a privately maintained forum.

3 Likes

Discourse does not have a built-in setting to enforce periodic password resets. However, this functionality can be implemented by developing a custom plugin.

I specialize in Discourse plugin development and can create a tailored solution to enforce password resets at a specified interval, ensuring enhanced security and compliance for your forum.

Let me know if you’d like to proceed—I’d be happy to discuss the implementation details.

3 Likes

Security folks decided five or ten years ago that forcing password changes is a bad idea. If you want to increase security, force everyone to use two factor.

If it were a good idea, it would be in core, or there would at least be a popular plugin that would do it.

6 Likes

Could you please highlight on any famous plugin which is available to do this job.

As I tried to explain, there is no plugin that I’m aware of. You seem to be the only person who wants to do that. Rotating passwords is not a recommended practice.

If you have a budget, you can ask in Marketplace. I think $300 to $500 might attract a developer.

2 Likes

yea do not do this.

it is well known nowadays that people tend to re-use common words when they are forced to periodically change their passwords manually like this. this is why the functionality does not exist. use the built in multi-factor authentication instead because this is better security, especially when used with a password manager that creates and stores complex passwords (so the user doesn’t have to remember them!).

3 Likes