Minimize reset password request expiration duration
The password_reset.request.expiry property denotes the time period, in minutes, during which a user must perform the password reset process.
If the password_reset.request.expiry system property is not set to the recommended value of 10 or less, the opportunity increases for someone else to guess and use the request and attempt to reset the password.
Ensure that the property password_reset.request.expiry is set to 10 or less.
Note:
The setting for the password_reset.request.expiry property takes precedence over the setting for the glide.pwd_reset.onetime.token.validity property, which has a 12-hour default.
More information
| Attribute | Description |
|---|---|
| Configuration name | password_reset.request.expiry |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | Boolean |
| Recommended value | An integer less than or equal to 10 |
| Default value | <none> |
| Fallback value | 100 |
| Category | Configure Password Reset properties |
| Security risk | |
| Functional impact | None |
| Dependencies and prerequisites | None |
To learn more about adding or creating a system property, see Add a system property.
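The following audit check is an added example, not ServiceNow code: it evaluates a JSON export of system properties against the recommended value, the fallback value, and the precedence rule described above. The sample exports, the `audit_expiry` function name, the `REVIEW` status, and the handling of empty or non-positive values are assumptions made for illustration.

```python
import json
import re

PROP = "password_reset.request.expiry"
RECOMMENDED_MAX = 10  # minutes, recommended value on this page
FALLBACK = 100        # minutes, fallback value on this page

# Constructed sample exports, shaped like a Table API read of sys_properties.
SAMPLE_UNSET = json.dumps({"result": [
    # Tightening only this property does not help: the page states that
    # password_reset.request.expiry takes precedence over it.
    {"name": "glide.pwd_reset.onetime.token.validity", "value": "1"}]})
SAMPLE_WEAK = json.dumps({"result": [{"name": PROP, "value": "60"}]})
SAMPLE_OK = json.dumps({"result": [{"name": PROP, "value": " 10 "}]})
SAMPLE_BAD = json.dumps({"result": [{"name": PROP, "value": "true"}]})


def audit_expiry(export_json):
    """Return (status, effective_minutes, detail) for one property export."""
    rows = json.loads(export_json).get("result", [])
    props = {r.get("name"): str(r.get("value") or "").strip() for r in rows}
    raw = props.get(PROP, "")
    if raw == "":
        # Assumption: an empty value is treated like an unset property.
        return ("FAIL", FALLBACK, f"{PROP} not set; fallback of {FALLBACK} minutes applies")
    if not re.fullmatch(r"-?[0-9]+", raw):
        return ("FAIL", None, f"{PROP} has non-integer value {raw!r}")
    minutes = int(raw)
    if minutes <= 0:
        # Assumption: the page does not describe zero or negative values,
        # so they are flagged for manual review rather than passed.
        return ("REVIEW", minutes, f"{PROP}={minutes} is not a positive number of minutes")
    if minutes > RECOMMENDED_MAX:
        return ("FAIL", minutes, f"{PROP}={minutes} exceeds {RECOMMENDED_MAX} minutes")
    return ("PASS", minutes, f"{PROP}={minutes} is within {RECOMMENDED_MAX} minutes")


if __name__ == "__main__":
    for label, sample in [("unset", SAMPLE_UNSET), ("weak", SAMPLE_WEAK),
                          ("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)]:
        print(label, audit_expiry(sample))
```

An unset property fails the check because the 100-minute fallback then applies, even when the token validity property has been tightened.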