- Users should be able to change their password if it expired, but not locked out (too many failed login attempts)
- How to do this? (tokenless auth for the auth request could return the URL for password change if password is expired (regardless of the value of the password))
Discussed at the (11/22/16) meeting:
- Users should be able to change their password if it expired, but not locked out (too many failed login attempts)
- How to do this? (tokenless auth for the auth request could return the URL for password change if password is expired (regardless of the value of the password))