The Advanced Security module/Express Security module allows you to expire administrator passwords. If you do not activate the module, this feature is disabled after the 30-day trial expires.
If Expire Passwords is enabled and a user logs in with an administrator account with a temporary password, EFT prompts the user to supply a new password. Each day it also checks whether passwords are <n> days from expiration, and those passwords are flagged for reminders, if reminders are enabled. All reminder e-mail messages are sent immediately after flagging the accounts to be reminded.
EFT executes cleanup procedures every day at 00:00:00 UTC and at Server Startup. This daily server cleanup removes/disables inactive administrators and user accounts and sends password reset and expiration notifications for every Site.
EFT cannot ask FTP users to change their password prior to logging in and identifying themselves. EFT allows them to login (authenticate), but then prevents any further interaction with their session until they change their password.
To expire administrator account passwords
In the administration interface, connect to EFT and click the Server tab.
On the Server tab, click the Server node you want to configure.
In the right pane, click the Administration tab.
Click an EFT-managed administrator account, then click Password Policy. The Password Security Settings dialog box appears.
To specify the number of days after which to disable or remove administrator accounts, select the Expire passwords check box, then type or use the arrows to specify the number of days. The default is 90 days.
If you make any changes to the password settings, when you click Apply to push the changes to EFT, the counter is reset. For example, if you set it for 90 days, then go back 89 days later and specify a different dictionary file, when you click OK then Apply, the administrator accounts will not expire for 90 days.
Click OK to close the dialog box.
Click Apply to save the changes on EFT.