SRM 4.7: New Password Expiry Functionality

SRM password expiry functionality was added with version 4.7 as part of a drive to improve the security of all Dell products. This password expiry functionality prompts for regular password changes. The password expiry functionality applies to all SRM accounts without exception, and this includes the 'admin' account.

The functionality acts as a reminder to periodically change passwords. No password complexity requirements or reuse policies are enforced. Passwords should always conform to customer requirements and policies.

Once a password is reset, the default expiry period is 90 days. It is envisaged that this interval would be configurable in future SRM versions, but it is fixed at 90 days in SRM 4.7.

There is a password change reminder after logging into the user interface starting 10 days before expiry. Login is possible even after expiry and in this case, a prompt to change the password is immediately displayed.

To change a password in the SRM user interface, go to Profile > User Settings > Change Password.

The SRM 4.7 Web Portal Guide states:

NOTE: In SRM Frontend, the password expiry duration is current date + 90 days. The users are notified 10 days prior about password expiration in SRM Frontend. Once the password is changed, the user must log out and log in for the password changes to be effective.

To check the password status and remaining days for all users, go to Administration > Users & Security > Users & Roles > Manage Users.

Note: The internal 'ws-user' account may show '0' Password Expiry Days. This is expected behavior and not a cause of concern. The 'ws-user' continues to work and its password should not be changed as many SRM components depend on it for internal communication.