Minimize reset password request expiration duration [Updated in Security Center 1.3]
The password_reset.request.expiry denotes the time period in minutes during which a user must perform the password reset process.
Note:
The setting for the password_reset.request.expiry property takes
precedence over the setting for
glide.pwd_reset.onetime.token.validityproperty that has a 12 hour
default.
More information
| Attribute | Description |
|---|---|
| Property name | password_reset.request.expiry |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Authentication |
| Purpose | Denotes the time period in minutes during which a user must perform the password reset process. |
| Recommended value | Set to an integer of 10 or less. The default value is 10. |
| Configuration type | Integer values |
| Security risk | (Moderate) If the property is not set to the recommended value of 10 or less, then it increases the opportunity for someone else to guess and use the request and attempt to reset the password. |
| Security risk rating | 4.2 |
| References | Configure Password Reset properties |
To learn more about adding or creating a system property, see Add a system property.