Disable password expiration feature
I see that WA now automatically expires user passwords after 365 days; is there a way to prevent that? I'd like our users to be able to use their passwords forever, not being forced to change every year for a site they rarely use.
Password expiration only affects administrators of accounts, not members.
We will reconsider this once we implement alternative authentication methods (e.g. email/phone validation)
You should follow the NIST standards for passwords that explicitly state forcing a password reset does not increase security and just makes users upset. See
When you institute alternative authentication methods, please make sure you consider the demographic population of elderly users!
Since recently WA seems to automatically enforce password rotation on users every 365 days.
There should be an option to disable that for all users. Most of our users log in rarely and facing a renewal each year just leads to them not remembering it.
In 2023 - it is no longer a good security practice to enforce password rotation!
(no other large website does that - incl. Google/Facebook/Microsoft/etc)
(Edit) - I just learned that this affects only admins, not regular users. That's much better!