PASSWORD_CONTROL_EFFECTIVE_DATE

The REQUIRE_PASSWORD_SECURITY is the master token that enables the password security feature.

Consider a site with 130 users on which the password control kit (PCK) was not active. Of the 130 users, assume that:

• 100 users did not change password in last 100 days.
• 20 users did not change password in last 85 days.
• 10 users did not change password in last 75 days.

Assume that the following tokens are set on 01/01/2014 (current date):

• REQUIRE_PASSWORD_SECURITY=true
• PASSWORD_WARNING_PERIOD=20
• PASSWORD_EXPIRY_PERIOD=90
• PASSWORD_DISABLE_PERIOD=30
• PASSWORD_DELETE_PERIOD=60

PCK runs on 01/01/2014 and if you have PASSWORD_CONTROL_EFFECTIVE_DATE=01/10/2014 (set to a future date):

• 100 users with no password change for the past 100 days would get a warning message that their passwords will expire in 10 days.
• 20 users with no password change for the past 85 days would get a warning message that their passwords will expire in 10 days.
• 10 users with no password change for the past 75 days would get a warning message that their passwords will expire in 15 days.

Consider the following scenario in which:

• Current date = 01/01/2014
• PASSWORD_CONTROL_EFFECTIVE_DATE=01/01/2013

In this scenario, the password control effective date is set to a date in the past. As a result, password control takes immediate effect and the PCK starts disabling, deleting or expiring user accounts right away.