Some discussions in the SDN security forum have indicated that it would be useful to warn users that their password is about to expire, before they are forced to change it at logon time (and consequently choose a weak password "on the fly").

This might, however, further encourage the use of password silos, and it is debatable whether it enables stronger password policies for all user types, but it will probably encourage passwords less prone to dictionary attacks if special characters and case-sensitive passwords are enforced. Low-brainer silos added as a finishing touch, such as the seasons, months and client numbers, can still be added to the USR40 table if need be.

Such a feature would have many UI dependencies (also for non-SAPGui logins and parameters).

Nonetheless, from a user perspective it would be useful: it would invoke more thought about the password and give the user time to consider how to design it (instead of writing it down).