The twelfth Feature of the Day is a password expiration notification.
This feature is a new notification reminding you that your password will expire in 7 days and prompting you to change it:
I’d be a lot happier if the number of days is configurable as a reminder and reset prompt starting 7 days before expiry is too early a reminder. I have a few clients who have a password policy of the password expiring and needing to be reset every 30 days.
All a prompt 7 days before does is encourage users to change their password when first prompted; this means they change their passwords every three weeks. This massively contributes to password fatigue, leading to the users writing down their password on a post-it note as they don’t, or won’t, remember the password.
A very laudable addition, much beloved by people who write password policies, but, in my experience, the reality on the ground is that this type of policy and early reminder causes more problems than it solves.
Perhaps people would like to share their experience/perspective below? (Due to massive amounts of spam, comments need to be approved before they appear).