We are trying to implement and Domino policy to force the users to change their password within 90 days, with a 15 grace period.
All works in our testing except that once the grace period has expired, and they try to login, they get a popup message that says:
“Do you want to change your password now? YES/NO” prompt.
If they choose NO, they are locked out of the system, until an administrator clears the password digest field in the person document.
What is the logic in this?? Why is the NO button even there? What possible situation would you want to say NO?
I have filed PMR # 28577,999,738 with Lotus Passport Support asking them to either change the dialog letting the user know that they will be locked out of the servers if they choose NO, or removing the NO button altogether.
How do others deal with this situation? This makes the idea of rolling out a security policy much less favorable, even if the environment is less secure.
Imagine if an organizational policy is put into place, and everyone is asked to change their password on the same day. When the grace period expires, let’s just say that 10% click NO.
The help desk would be flooded, and IT would be blamed for the outage.