Comment 6 for bug 1979570

NCDIT has a policy where state and local government employees must change their NCID passwords every 90 days. At a meeting of our NC Cardinal governance committee, we voted to adopt a similar policy for our instance of Evergreen. We also voted to increase the minimum strength requirements for passwords as well, but the committee wished to have different requirements based on permission group so that patrons would be allowed to have simpler passwords than circulators and admin. We will tackle this in the next phase of our patron password policy project.

By default, there are no notices or alerts until the global.password_reset_age org setting has a positive value. The only change visible without this is that the age of the password is visible beneath the password field on the patron edit screen.